hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails 

Check if nf_ct_netns_get() fails then release the limit object
previously allocated via kmalloc().

Fixes: 37f319f37d ("netfilter: nft_connlimit: move stateful fields out of expression data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso 2022-01-13 12:22:38 +01:00
parent fe75e84a8f
commit 7d70984a1a
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
net/netfilter/nft_connlimit.c
View File

@ -62,6 +62,7 @@ static int nft_connlimit_do_init(const struct nft_ctx *ctx,
{
bool invert = false;
u32 flags, limit;
int err;
if (!tb[NFTA_CONNLIMIT_COUNT])
return -EINVAL;
@ -84,7 +85,15 @@ static int nft_connlimit_do_init(const struct nft_ctx *ctx,
priv->limit = limit;
priv->invert = invert;
return nf_ct_netns_get(ctx->net, ctx->family);
err = nf_ct_netns_get(ctx->net, ctx->family);
if (err < 0)
goto err_netns;
return 0;
err_netns:
kfree(priv->list);
return err;
}
static void nft_connlimit_do_destroy(const struct nft_ctx *ctx,