vti6: Fix memory leak of skb if input policy check fails

The vti6_rcv function performs some tests on the retrieved tunnel including checking the IP protocol, the XFRM input policy, the source and destination address. In all but one places the skb is released in the error case. When the input policy check fails the network packet is leaked. Using the same goto-label discard in this case to fix this problem. Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces") Signed-off-by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Torsten Hilbrich <torsten.hilbrich@secunet.com> 2020-03-11 11:19:06 +0100
committer: Steffen Klassert <steffen.klassert@secunet.com> 2020-03-16 11:13:48 +0100
commit: 2a9de3af21aa8c31cd68b0b39330d69f8c1e59df (patch)
tree: fc73994b4d93542e0e8a36113414067a642ccc51 /net/ipv6/ip6_vti.c
parent: d1d17a359ce6901545c075d7401c10179d9cedfd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 56e642efefff..cc6180e08a4f 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -311,7 +311,7 @@ static int vti6_rcv(struct sk_buff *skb)
 
 		if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 			rcu_read_unlock();
-			return 0;
+			goto discard;
 		}
 
 		ipv6h = ipv6_hdr(skb);
author	Torsten Hilbrich <torsten.hilbrich@secunet.com>	2020-03-11 11:19:06 +0100
committer	Steffen Klassert <steffen.klassert@secunet.com>	2020-03-16 11:13:48 +0100
commit	2a9de3af21aa8c31cd68b0b39330d69f8c1e59df (patch)
tree	fc73994b4d93542e0e8a36113414067a642ccc51 /net/ipv6/ip6_vti.c
parent	d1d17a359ce6901545c075d7401c10179d9cedfd (diff)