[PATCH] fix dst_entry leak in icmp_push_reply()

If the ip_append_data() call in icmp_push_reply() fails,ip_flush_pending_frames() needs to be called. Otherwise, ip_rt_put() isnever called on inet_sk(icmp_socket->sk)->cork.rt, which prevents theroute (and net_device) from ever being freed.


I've attached a patch which fixes the problem.

Ollie Wild

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -368,6 +368,8 @@ static void icmp_push_reply(struct icmp_
 		icmph->checksum = csum_fold(csum);
 		skb->ip_summed = CHECKSUM_NONE;
 		ip_push_pending_frames(icmp_socket->sk);
+	} else {
+		ip_flush_pending_frames(icmp_socket->sk);
 	}
 }

Follow-Ups:
- Re: [PATCH] fix dst_entry leak in icmp_push_reply()
  - From: Patrick McHardy <[email protected]>

Prev by Date: Re: [PATCH 5/5] 2.6.13-rc5-mm1, driver for IBM Automatic Server Restart watchdog
Next by Date: Re: [PATCH 2.6.12.4] ACPI oops during ipmi_si driver init
Previous by thread: [PATCH] small cleanup; remove check for NULL before kfree() in driver core
Next by thread: Re: [PATCH] fix dst_entry leak in icmp_push_reply()
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind]