-stable review patch. If anyone has any objections, please let us know.
---------------------
From: Denis V. Lunev <[email protected]>
Upstream commit: 9937ded8e44de8865cba1509d24eea9d350cebf0
The result of the ip_route_output is not assigned to skb. This means that
- it is leaked
- possible OOPS below dereferrencing skb->dst
- no ICMP message for this case
Signed-off-by: Denis V. Lunev <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
---
net/ipv6/ip6_tunnel.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -550,6 +550,7 @@ ip4ip6_err(struct sk_buff *skb, struct i
ip_rt_put(rt);
goto out;
}
+ skb2->dst = (struct dst_entry *)rt;
} else {
ip_rt_put(rt);
if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos,
--