udp: fix secpath leak
authorYossi Kuperman <yossiku@mellanox.com>
Fri, 1 Sep 2017 12:42:30 +0000 (14:42 +0200)
committerDavid S. Miller <davem@davemloft.net>
Fri, 1 Sep 2017 17:29:34 +0000 (10:29 -0700)
After commit dce4551cb2ad ("udp: preserve head state for IP_CMSG_PASSSEC")
we preserve the secpath for the whole skb lifecycle, but we also
end up leaking a reference to it.

We must clear the head state on skb reception, if secpath is
present.

Fixes: dce4551cb2ad ("udp: preserve head state for IP_CMSG_PASSSEC")
Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/udp.c

index a6dc48d76a2976e307763198abdc55ee196e995b..62344804baaef96daf405dbdd5418db541b95864 100644 (file)
@@ -1176,7 +1176,7 @@ static void udp_set_dev_scratch(struct sk_buff *skb)
        scratch->csum_unnecessary = !!skb_csum_unnecessary(skb);
        scratch->is_linear = !skb_is_nonlinear(skb);
 #endif
-       if (likely(!skb->_skb_refdst))
+       if (likely(!skb->_skb_refdst && !skb_sec_path(skb)))
                scratch->_tsize_state |= UDP_SKB_IS_STATELESS;
 }