netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments

[linux-2.6-microblaze.git] / net / ipv6 / netfilter / nf_conntrack_reasm.c

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 3de0e9b..5b3f65e 100644 (file)
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -293,7 +293,11 @@ static int nf_ct_frag6_queue(struct frag_queue *fq, struct sk_buff *skb,
                skb->_skb_refdst = 0UL;
                err = nf_ct_frag6_reasm(fq, skb, prev, dev);
                skb->_skb_refdst = orefdst;
-               return err;
+
+               /* After queue has assumed skb ownership, only 0 or
+                * -EINPROGRESS must be returned.
+                */
+               return err ? -EINPROGRESS : 0;
        }
 
        skb_dst_drop(skb);
@@ -480,12 +484,6 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
                ret = 0;
        }
 
-       /* after queue has assumed skb ownership, only 0 or -EINPROGRESS
-        * must be returned.
-        */
-       if (ret)
-               ret = -EINPROGRESS;
-
        spin_unlock_bh(&fq->q.lock);
        inet_frag_put(&fq->q);
        return ret;