Re: [9/*] [IPSEC] Check dst validity harder in xfrm_bundle_ok
From: "David S. Miller" <davem@davemloft.net>
Date: 2005-03-07 17:32:09
On Mon, 7 Mar 2005 21:35:36 +1100 Herbert Xu [off-list ref] wrote:
There is another bug in xfrm_bundle_ok where I forgot to check the validity of xdst->route. In fact, the check on dst->path isn't strong enough either. For IPv6 entries, dst->path->obsolete is always negative until you call ipv6_dst_check. So we really need to do that here.

Here's the patch to fix those two problems.

Yes I know my dst_check implementation is lame. I'll come back and fix up all the dst_check functions by moving their dst_release calls out. It proves that you were right in that IPv6 dst leak thread :)

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Applied, thanks Herbert.