Hi Dave, please apply. [NETFILTER] fix conntrack refcount leak in unlink_expect()
In unlink_expect(), the expectation is removed from the list so the
refcount must be dropped as well.
Signed-off-by: Pablo Neira Ayuso <[EMAIL PROTECTED]>
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>
---
commit ed8612c164a21e71cf6139c4e67a98b7a417b1cb
tree 4d4493874742690f9d997c4846a7e4b6becf3da2
parent 1d35273dd7935f4b6a64f3526d85c5df9ba254de
author Harald Welte <[EMAIL PROTECTED]> Fr, 05 Aug 2005 15:19:35 +0200
committer Harald Welte <[EMAIL PROTECTED]> Fr, 05 Aug 2005 15:19:35 +0200
net/ipv4/netfilter/ip_conntrack_core.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c
b/net/ipv4/netfilter/ip_conntrack_core.c
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -204,6 +204,7 @@ static void unlink_expect(struct ip_conn
list_del(&exp->list);
CONNTRACK_STAT_INC(expect_delete);
exp->master->expecting--;
+ ip_conntrack_expect_put(exp);
}
void __ip_ct_expect_unlink_destroy(struct ip_conntrack_expect *exp)
--
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
pgpdrj9qhGMfZ.pgp
Description: PGP signature
