[IPV6] TCPMD5: Fix deleting key operation. Due to the bug, refcnt for md5sig pool was leaked when an user try to delete a key if we have more than one key. In addition to the leakage, we returned incorrect return result value for userspace. This fix should close Bug #9418, reported by <[email protected]>. Signed-off-by: YOSHIFUJI Hideaki <[email protected]> Signed-off-by: David S. Miller <[email protected]>

commit: 77adefdc9863d63f8d8bdc6a9adcdf9a6b0e2410 [log] [tgz]
author: YOSHIFUJI Hideaki <[email protected]> Tue Nov 20 17:31:23 2007 -0800
committer: David S. Miller <[email protected]> Tue Nov 20 17:31:23 2007 -0800
tree: 4fe2532ad5ab2e9db497cf416acd5db634a4cd6a
parent: aacbe8c8800adfea42eb754396c6ebcd992cb36a [diff] [blame]
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index b1bfbdd..93980c3 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c

@@ -637,10 +637,6 @@
 				kfree(tp->md5sig_info->keys6);
 				tp->md5sig_info->keys6 = NULL;
 				tp->md5sig_info->alloced6 = 0;
-
-				tcp_free_md5sig_pool();
-
-				return 0;
 			} else {
 				/* shrink the database */
 				if (tp->md5sig_info->entries6 != i)
@@ -649,6 +645,8 @@
 						(tp->md5sig_info->entries6 - i)
 						* sizeof (tp->md5sig_info->keys6[0]));
 			}
+			tcp_free_md5sig_pool();
+			return 0;
 		}
 	}
 	return -ENOENT;
commit	77adefdc9863d63f8d8bdc6a9adcdf9a6b0e2410	[log] [tgz]
author	YOSHIFUJI Hideaki <[email protected]>	Tue Nov 20 17:31:23 2007 -0800
committer	David S. Miller <[email protected]>	Tue Nov 20 17:31:23 2007 -0800
tree	4fe2532ad5ab2e9db497cf416acd5db634a4cd6a
parent	aacbe8c8800adfea42eb754396c6ebcd992cb36a [diff] [blame]