ipv6: drop metadata dst in ip6_route_input
authorJiri Benc <jbenc@redhat.com>
Thu, 20 Aug 2015 11:56:26 +0000 (13:56 +0200)
committerDavid S. Miller <davem@davemloft.net>
Thu, 20 Aug 2015 22:42:36 +0000 (15:42 -0700)
The fix in commit 48fb6b554501 is incomplete, as now ip6_route_input can be
called with non-NULL dst if it's a metadata dst and the reference is leaked.
Drop the reference.

Fixes: 48fb6b554501 ("ipv6: fix crash over flow-based vxlan device")
Fixes: ee122c79d422 ("vxlan: Flow based tunneling")
CC: Wei-Chun Chao <weichunc@plumgrid.com>
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/route.c

index e6bbcdee7707aba4e8cd219df234103c8d0c537d..0947ad0b3de8a9a8abee2abcfc98e00886438826 100644 (file)
@@ -1140,6 +1140,7 @@ void ip6_route_input(struct sk_buff *skb)
                .flowi6_proto = iph->nexthdr,
        };
 
+       skb_dst_drop(skb);
        skb_dst_set(skb, ip6_route_input_lookup(net, skb->dev, &fl6, flags));
 }