* [PATCH] Netfilter: SNMP NAT helper: fix memleak snmp_object_decode
@ 2006-05-22 22:40 Chris Wright
2006-05-23 9:31 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: Chris Wright @ 2006-05-22 22:40 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
If kmalloc fails, error path leaks data allocated from asn1_oid_decode().
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---
net/ipv4/netfilter/ip_nat_snmp_basic.c | 1 +
1 file changed, 1 insertion(+)
--- linus-2.6.orig/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ linus-2.6/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -768,6 +768,7 @@ static unsigned char snmp_object_decode(
len *= sizeof(unsigned long);
*obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC);
if (*obj == NULL) {
+ kfree(lp);
kfree(id);
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Netfilter: SNMP NAT helper: fix memleak snmp_object_decode
2006-05-22 22:40 [PATCH] Netfilter: SNMP NAT helper: fix memleak snmp_object_decode Chris Wright
@ 2006-05-23 9:31 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2006-05-23 9:31 UTC (permalink / raw)
To: Chris Wright; +Cc: netfilter-devel
Chris Wright wrote:
> If kmalloc fails, error path leaks data allocated from asn1_oid_decode().
Thanks Chris, applied. "len" can't exceed the real packets length, so
I don't think this can really be triggered remotely. Feel free to add
to -stable though.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-05-23 9:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-05-22 22:40 [PATCH] Netfilter: SNMP NAT helper: fix memleak snmp_object_decode Chris Wright
2006-05-23 9:31 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.