From: Thomas Graf <tgraf@redhat.com> Date: Wed, 25 Aug 2010 20:49:11 -0400 Subject: [net] ipv6: Plug sk_buff leak in ipv6_rcv Message-id: <20100825204911.GA14555@lsx.localdomain> Patchwork-id: 27819 O-Subject: [RHEL5.6 PATCH] ipv6: Plug sk_buff leak in ipv6_rcv (BZ574913) Bugzilla: 574913 RH-Acked-by: David S. Miller <davem@redhat.com> RH-Acked-by: Jiri Pirko <jpirko@redhat.com> ipv6_rcv() leaks an skb if skb_share_check() succeeded but ipv6 has been disabled via sysctl. This patch addresses the issue by freeing the skb properly. The patch is identical to the corresponding upstream commit 71f6f6dfdf7c7a67462386d9ea05c1095a89c555. Resolves BZ574913 Signed-off-by: Jarod Wilson <jarod@redhat.com> diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 7c02a9c..ffe05ea 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -77,8 +77,7 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL || (ext && unlikely(ext->ipv6_devconf_ext.disable_ipv6))) { IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS); - rcu_read_unlock(); - goto out; + goto drop; } memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm)); @@ -147,7 +146,6 @@ err: drop: rcu_read_unlock(); kfree_skb(skb); -out: return 0; }
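Review bot: In the first hunk (@@ -77,8 +77,7 @@), the new `goto drop;` is taken not only when `disable_ipv6` is set but also when `skb_share_check()` returned NULL, so `kfree_skb(skb)` under `drop:` is then called with a NULL pointer. That is safe only if kfree_skb() in this tree returns early on NULL. Please confirm that for the RHEL5 base and mention it in the commit message, which currently describes only the "skb_share_check() succeeded but ipv6 has been disabled" case. Alternatively, split the condition so the NULL case keeps the old `rcu_read_unlock();` and `return 0` path and only the `disable_ipv6` case jumps to `drop`.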
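Review bot: In the second hunk (@@ -147,7 +146,6 @@), removing the `out:` label is correct only if the `goto out;` deleted in the first hunk was its last user. The diff shows no other reference, but a leftover `goto out` elsewhere in ipv6_rcv() of the backported file would break the build, so it is worth checking the whole function rather than only the context shown here. It would also help to note in the commit message that the early-exit path now relies on the `rcu_read_unlock();` under `drop:` instead of its own call.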