In article <200212121905.gBCJ5hn18058@xxxxxxxxxxxxxxxxxxxxxx> (at Thu, 12 Dec
2002 11:05:43 -0800 (PST)), Krishna Kumar <krkumar@xxxxxxxxxx> says:
> I had sent this earlier, there is a bug in router advertisement handling code,
> where the reference (and memory) to an inet6_dev pointer can get leaked (this
> leak can happen atmost once for each interface on a system which receives
> invalid RA's). Below is the patch against 2.5.51 to fix it.
(It would be called "refcnt leakage," or some thing like that, but anyway)
This seems correct fix. please apply...
> -------------------------------------------------------------------------------
> diff -ruN linux.org/net/ipv6/ndisc.c linux/net/ipv6/ndisc.c
> --- linux.org/net/ipv6/ndisc.c Fri Nov 7 10:02:11 2002
> +++ linux/net/ipv6/ndisc.c Fri Nov 8 14:37:27 2002
> @@ -871,6 +871,7 @@
> }
>
> if (!ndisc_parse_options(opt, optlen, &ndopts)) {
> + in6_dev_put(in6_dev);
> if (net_ratelimit())
> ND_PRINTK2(KERN_WARNING
> "ICMP6 RA: invalid ND option, ignored.\n");
> -------------------------------------------------------------------------------
--
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@xxxxxxxxxxxxxx>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
|