From 2364018d031ff8ed14ac1bf7b2841983729568d9 Mon Sep 17 00:00:00 2001
From: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Tue, 23 Dec 2008 12:22:22 +0000
Subject: [PATCH] backport ipv6 security fix to 2.4 (#4245)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13734 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 .../patches/900-CVE-2008-2136.patch           | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 target/linux/generic-2.4/patches/900-CVE-2008-2136.patch

diff --git a/target/linux/generic-2.4/patches/900-CVE-2008-2136.patch b/target/linux/generic-2.4/patches/900-CVE-2008-2136.patch
new file mode 100644
index 000000000..8e8be488d
--- /dev/null
+++ b/target/linux/generic-2.4/patches/900-CVE-2008-2136.patch
@@ -0,0 +1,26 @@
+Backport of:
+
+From: David S. Miller <davem@davemloft.net>
+Date: Fri, 9 May 2008 06:40:26 +0000 (-0700)
+Subject: sit: Add missing kfree_skb() on pskb_may_pull() failure.
+X-Git-Tag: v2.6.26-rc2~19^2
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
+
+sit: Add missing kfree_skb() on pskb_may_pull() failure.
+
+Noticed by Paul Marks <paul@pmarks.net>.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -410,9 +410,9 @@ int ipip6_rcv(struct sk_buff *skb)
+ 	}
+ 
+ 	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0);
+-	kfree_skb(skb);
+ 	read_unlock(&ipip6_lock);
+ out:
++	kfree_skb(skb);
+ 	return 0;
+ }
+ 
-- 
2.20.1