git.baikalelectronics.ru Git - kernel.git/commit

author	Joe Stringer <joestringer@nicira.com>
	Mon, 26 Oct 2015 03:21:48 +0000 (20:21 -0700)
committer	David S. Miller <davem@davemloft.net>
	Wed, 28 Oct 2015 02:32:14 +0000 (19:32 -0700)
commit	7ccf5f4ac529b6e8b2aaa809d5d399722db00eb8
tree	a85b6a44ec0f5d8d7ae915968ee88250c323a292	tree \| snapshot
parent	aad641078c84ed6f74d81168684db302b9a91662	commit \| diff

openvswitch: Fix double-free on ip_defrag() errors

If ip_defrag() returns an error other than -EINPROGRESS, then the skb is
freed. When handle_fragments() passes this back up to
do_execute_actions(), it will be freed again. Prevent this double free
by never freeing the skb in do_execute_actions() for errors returned by
ovs_ct_execute. Always free it in ovs_ct_execute() error paths instead.

Fixes: 14a5d06d39dd ("openvswitch: Add conntrack action")
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/openvswitch/actions.c		diff \| blob \| history
net/openvswitch/conntrack.c		diff \| blob \| history
net/openvswitch/conntrack.h		diff \| blob \| history