From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 06/18] netfilter: nf_conntrack: fix memory leak if sysctl registration fails
Date: Fri, 6 Jul 2012 13:16:56 +0200 [thread overview]
Message-ID: <1341573428-3204-7-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1341573428-3204-1-git-send-email-pablo@netfilter.org>
From: Gao feng <gaofeng@cn.fujitsu.com>
In nf_ct_l4proto_register_sysctl, if l4proto sysctl registration
fails, we have to make sure that we release the compat sysctl
table.
This can happen if TCP has been registered compat for IPv4, and
IPv6 compat registration fails.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_proto.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 63612e6..21b850c 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -341,11 +341,14 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
kfree(pn->ctl_table);
pn->ctl_table = NULL;
}
- goto out;
}
}
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) {
+ if (err < 0) {
+ nf_ct_kfree_compat_sysctl_table(pn);
+ goto out;
+ }
err = nf_ct_register_sysctl(net,
&pn->ctl_compat_header,
"net/ipv4/netfilter",
@@ -358,8 +361,8 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
&pn->ctl_table,
pn->users);
}
-#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
out:
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
#endif /* CONFIG_SYSCTL */
return err;
}
--
1.7.10
next prev parent reply other threads:[~2012-07-06 11:19 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-06 11:16 [PATCH 00/18] netfilter updates for net-next (upcoming 3.6), batch 5 pablo
2012-07-06 11:16 ` [PATCH 01/18] netfilter: ctnetlink: add new messages to obtain statistics pablo
2012-07-06 11:16 ` [PATCH 02/18] netfilter: nf_conntrack: fix nf_conntrack_l3proto_register pablo
2012-07-06 11:16 ` [PATCH 03/18] netfilter: nf_conntrack: prepare l4proto->init_net cleanup pablo
2012-07-06 11:16 ` [PATCH 04/18] netfilter: nf_conntrack: add nf_ct_kfree_compat_sysctl_table pablo
2012-07-06 11:16 ` [PATCH 05/18] netfilter: nf_conntrack: use l4proto->users as refcount for per-net data pablo
2012-07-06 11:16 ` pablo [this message]
2012-07-06 11:16 ` [PATCH 07/18] netfilter: nf_ct_tcp: merge tcpv[4,6]_net_init into tcp_net_init pablo
2012-07-06 11:16 ` [PATCH 08/18] netfilter: nf_ct_udp: merge udpv[4,6]_net_init into udp_net_init pablo
2012-07-06 11:16 ` [PATCH 09/18] netfilter: nf_ct_udplite: add udplite_kmemdup_sysctl_table function pablo
2012-07-06 11:17 ` [PATCH 10/18] netfilter: nf_ct_sctp: merge sctpv[4,6]_net_init into sctp_net_init pablo
2012-07-06 11:17 ` [PATCH 11/18] netfilter: nf_ct_generic: add generic_kmemdup_sysctl_table function pablo
2012-07-06 11:17 ` [PATCH 12/18] netfilter: nf_ct_dccp: add dccp_kmemdup_sysctl_table function pablo
2012-07-06 11:17 ` [PATCH 13/18] netfilter: nf_ct_icmp: add icmp_kmemdup[_compat]_sysctl_table function pablo
2012-07-06 11:17 ` [PATCH 14/18] netfilter: nf_ct_icmpv6: add icmpv6_kmemdup_sysctl_table function pablo
2012-07-06 11:17 ` [PATCH 15/18] netfilter: nf_conntrack: generalize nf_ct_l4proto_net pablo
2012-07-06 11:17 ` [PATCH 16/18] netfilter: nf_ct_tcp: missing per-net support for cttimeout pablo
2012-07-06 11:17 ` [PATCH 17/18] netfilter: nfnetlink: check callbacks before using those in nfnetlink_rcv_msg pablo
2012-07-06 11:17 ` [PATCH 18/18] netfilter: nfnetlink_queue: do not allow to set unsupported flag bits pablo
2012-07-07 23:23 ` [PATCH 00/18] netfilter updates for net-next (upcoming 3.6), batch 5 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1341573428-3204-7-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).