netfilter: nf_queue: fix NF_STOLEN skb leak

commit 3bc38712 (handle NF_STOP and unknown verdicts in nf_reinject) was a partial fix to packet leaks. If user asks NF_STOLEN status, we must free the skb as well. Reported-by: Afi Gjermund <afigjermund@gmail.com> Signed-off-by: Eric DUmazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>

netfilter: nf_queue: fix NF_STOLEN skb leak
commit 3bc38712 (handle NF_STOP and unknown verdicts in nf_reinject) was a partial fix to packet leaks. If user asks NF_STOLEN status, we must free the skb as well. Reported-by: Afi Gjermund <afigjermund@gmail.com> Signed-off-by: Eric DUmazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
64507fdb · Eric Dumazet · Patrick McHardy · a88e22ad · 64507fdb
Commit 64507fdb authored Feb 19, 2010 by Eric Dumazet Committed by Patrick McHardy Feb 19, 2010
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

net/netfilter/nf_queue.c net/netfilter/nf_queue.c +1 -1

No files found.
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -265,7 +265,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 		local_bh_disable();
 		entry->okfn(skb);
 		local_bh_enable();
-	case NF_STOLEN:
 		break;
 	case NF_QUEUE:
 		if (!__nf_queue(skb, elem, entry->pf, entry->hook,
@@ -273,6 +272,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 				verdict >> NF_VERDICT_BITS))
 			goto next_hook;
 		break;
+	case NF_STOLEN:
 	default:
 		kfree_skb(skb);
 	}