| From stable-bounces@linux.kernel.org Tue Jul 24 21:47:13 2007 |
| From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Date: Tue, 24 Jul 2007 21:47:05 -0700 (PDT) |
| Subject: Fix TCP IPV6 MD5 bug. |
| To: stable@kernel.org |
| Cc: bunk@stusta.de |
| Message-ID: <20070724.214705.15264479.davem@davemloft.net> |
| |
| From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| |
| [TCPv6] MD5SIG: Ensure to reset allocation count to avoid panic. |
| |
| After clearing all passwords for IPv6 peers, we need to |
| set allocation count to zero as well as we free the storage. |
| Otherwise, we panic when a user trys to (re)add a password. |
| |
| Discovered and fixed by MIYAJIMA Mitsuharu <miyajima.mitsuharu@anchor.jp>. |
| |
| Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv6/tcp_ipv6.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/net/ipv6/tcp_ipv6.c |
| +++ b/net/ipv6/tcp_ipv6.c |
| @@ -644,6 +644,7 @@ static int tcp_v6_md5_do_del(struct sock |
| if (tp->md5sig_info->entries6 == 0) { |
| kfree(tp->md5sig_info->keys6); |
| tp->md5sig_info->keys6 = NULL; |
| + tp->md5sig_info->alloced6 = 0; |
| |
| tcp_free_md5sig_pool(); |
| |