[Devel] [PATCH rh7] ms/netfilter: nf_tables: fix memory leak if expr init fails
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Wed Jun 15 11:36:24 MSK 2022
On 14.06.2022 22:55, Konstantin Khorenko wrote:
> From: Liping Zhang <liping.zhang at spreadtrum.com>
>
> If expr init fails then we need to free it.
>
> So when the user adds a nft rule as follows:
>
> # nft add rule filter input tcp dport 22 flow table ssh \
> { ip saddr limit rate 0/second }
>
> memory leak will happen.
>
> Signed-off-by: Liping Zhang <liping.zhang at spreadtrum.com>
> Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
>
> (cherry picked from ms commit 6cafaf4764a32597c2195aa5411b87728e1fde8a)
Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
> net/netfilter/nf_tables_api.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index afada68cac7e..523024c94008 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -1763,9 +1763,11 @@ struct nft_expr *nft_expr_init(const struct nft_ctx *ctx,
>
> err = nf_tables_newexpr(ctx, &info, expr);
> if (err < 0)
> - goto err2;
> + goto err3;
>
> return expr;
> +err3:
> + kfree(expr);
> err2:
> module_put(info.ops->type->owner);
> err1:
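
Review bot: At the new err3 label, `kfree(expr)` releases only the expression buffer itself, so the fix is complete only if nf_tables_newexpr() has already undone any partial setup it attached to expr before returning the error; nothing in this hunk shows that, and a short comment above `err3:` stating that assumption would help the next reader. The fall-through order is fine as written: err3 frees expr, then err2 calls `module_put(info.ops->type->owner)`, which reads from the local `info` and not from the freed expr. Since the numbered labels now run err3, err2, err1 in unwind order, descriptive names (for example a free-expr label and a put-module label) would make it harder for a later change to jump to err2 by mistake and reintroduce the leak.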
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.