udp: drop skb extensions before marking skb stateless - linux-dev - Linux kernel development work

diff options

author	Florian Westphal <fw@strlen.de>	2019-11-21 06:56:23 +0100
committer	David S. Miller <davem@davemloft.net>	2019-11-22 09:28:46 -0800
commit	677bf08cfdf9ee411c2084157f15d85edb09a81a (patch)
tree	291eb5fab8488e13ce843160bdc5a0fd7a5c936b /security
parent	net: rtnetlink: prevent underflows in do_setvfinfo() (diff)
download	linux-dev-677bf08cfdf9ee411c2084157f15d85edb09a81a.tar.xz linux-dev-677bf08cfdf9ee411c2084157f15d85edb09a81a.zip

udp: drop skb extensions before marking skb stateless

Once udp stack has set the UDP_SKB_IS_STATELESS flag, later skb free assumes all skb head state has been dropped already. This will leak the extension memory in case the skb has extensions other than the ipsec secpath, e.g. bridge nf data. To fix this, set the UDP_SKB_IS_STATELESS flag only if we don't have extensions or if the extension space can be free'd. Fixes: 895b5c9f206eb7d25dc1360a ("netfilter: drop bridge nf reset from nf_reset") Cc: Paolo Abeni <pabeni@redhat.com> Reported-by: Byron Stanoszek <gandalf@winds.org> Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'security')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: