[PATCH 2/3] refcount leak of proto when ctnetlink dumping tuple

[PATCH 2/3] refcount leak of proto when ctnetlink dumping tuple

[Yasuyuki KOZAKAI]

[-- Attachment #1: Type: Text/Plain, Size: 67 bytes --]


Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>


[-- Attachment #2: 02-ctnl-refcnt.patch --]
[-- Type: Text/Plain, Size: 1343 bytes --]

[NETFILTER] refcount leak of proto when ctnetlink dumping tuple

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>

---
commit 3a4486b6419a1f25324bb4280d51f5c77b1117f7
tree 88b1831d06e21417baca01d1632131d96e3be611
parent 61a002f080c6473da94f28314502ff0f15fe3625
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Fri, 04 Nov 2005 14:35:27 +0900
committer Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Fri, 04 Nov 2005 14:35:27 +0900

 net/ipv4/netfilter/ip_conntrack_netlink.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -58,14 +58,17 @@ ctnetlink_dump_tuples_proto(struct sk_bu
 			    const struct ip_conntrack_tuple *tuple)
 {
 	struct ip_conntrack_protocol *proto;
+	int ret = 0;
 
 	NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
 
 	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
-	if (proto && proto->tuple_to_nfattr)
-		return proto->tuple_to_nfattr(skb, tuple);
+	if (likely(proto && proto->tuple_to_nfattr)) {
+		ret = proto->tuple_to_nfattr(skb, tuple);
+		ip_conntrack_proto_put(proto);
+	}
 
-	return 0;
+	return ret;
 
 nfattr_failure:
 	return -1;

Re: [PATCH 2/3] refcount leak of proto when ctnetlink dumping tuple

[Pablo Neira]

Yasuyuki KOZAKAI wrote:
> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
> 
> 
> ------------------------------------------------------------------------
> 
> [NETFILTER] refcount leak of proto when ctnetlink dumping tuple
> 
> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>

Thanks a lot for all the fixes. I've been busy fixing bugs in the
userspace part :(. BTW, I think that this patch fixes the bug reported
at dumping (Krzysztof).

As I told you during the workshop, I'll send a patch with the ctnetlink
port for nfnetlink asap.

-- 
Pablo

Re: [PATCH 2/3] refcount leak of proto when ctnetlink dumping tuple

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 789 bytes --]

On Fri, Nov 04, 2005 at 06:41:25PM +0100, Pablo Neira wrote:

> As I told you during the workshop, I'll send a patch with the ctnetlink
> port for nfnetlink asap.

I guess you meant nf_conntrack?  that's really great.  I fixed one
additional bug in libnetfilter_conntrack with regard to ipv6 earlier, so
there's hope we can keep the userspace library for both
ip_conntrack/nf_conntrack without any changes.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]