author | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2007-11-20 17:31:23 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-11-20 17:31:23 -0800 |
commit | 77adefdc9863d63f8d8bdc6a9adcdf9a6b0e2410 (patch) | |
tree | 4fe2532ad5ab2e9db497cf416acd5db634a4cd6a /net | |
parent | aacbe8c8800adfea42eb754396c6ebcd992cb36a (diff) | |
[IPV6] TCPMD5: Fix deleting key operation.
Due to the bug, the refcnt for the md5sig pool was leaked when
a user tried to delete a key if we had more than one key.
In addition to the leakage, we returned an incorrect
result value to userspace.
This fix should close Bug #9418, reported by <ming-baini@163.com>.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index b1bfbdd85d3c..93980c3b83e6 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -637,10 +637,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
 kfree(tp->md5sig_info->keys6);
 tp->md5sig_info->keys6 = NULL;
 tp->md5sig_info->alloced6 = 0;
-
- tcp_free_md5sig_pool();
-
- return 0;
 } else {
 /* shrink the database */
 if (tp->md5sig_info->entries6 != i)
@@ -649,6 +645,8 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
 (tp->md5sig_info->entries6 - i)
 * sizeof (tp->md5sig_info->keys6[0]));
 }
+ tcp_free_md5sig_pool();
+ return 0;
 }
 }
 return -ENOENT; |
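Review bot: The `tcp_free_md5sig_pool();` call added in the second hunk has no comment stating which reference it releases, although that pairing is the invariant this fix restores. It now runs after both the "last key freed" branch and the "shrink the database" branch, so a short comment would keep a later edit from moving it back inside one branch, for example `/* Drop the md5sig pool reference held for the deleted key; must run on both branches above. */`. The commit message implies one pool reference per configured key, but the place where that reference is taken is not visible in this diff, so the wording should be checked against the key-add path. The body of tcp_v6_md5_do_del starts before the first hunk and ends after the second.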