netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft] netlink: release dummy rule object from netlink_parse_set_expr()
Date: Sun,  7 Jun 2020 18:21:12 +0200
Message-ID: <20200607162112.13486-2-pablo@netfilter.org>
In-Reply-To: <20200607162112.13486-1-pablo@netfilter.org>

netlink_parse_set_expr() creates a dummy rule object to reuse the
existing netlink parser. Release the rule object to fix a memleak.
Zap the statement list to avoid a use-after-free since the statement
needs to remain in place after releasing the rule.

==21601==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2016 byte(s) in 4 object(s) allocated from:
    #0 0x7f7824b26330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x7f78245fcebd in xmalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:36
    #2 0x7f78245fd016 in xzalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:65
    #3 0x7f782456f0b5 in rule_alloc /home/pablo/devel/scm/git-netfilter/nftables/src/rule.c:623

Add a test to check for set counters.

SUMMARY: AddressSanitizer: 2016 byte(s) leaked in 4 allocation(s).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c                      |  8 +++++++-
 tests/shell/testcases/sets/0048set_counters_0  | 18 ++++++++++++++++++
 .../sets/dumps/0048set_counters_0.nft          | 13 +++++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100755 tests/shell/testcases/sets/0048set_counters_0
 create mode 100644 tests/shell/testcases/sets/dumps/0048set_counters_0.nft

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 7f7ad2626e14..8de4830c4f80 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1682,13 +1682,19 @@ struct stmt *netlink_parse_set_expr(const struct set *set,
 				    const struct nftnl_expr *nle)
 {
 	struct netlink_parse_ctx ctx, *pctx = &ctx;
+	struct handle h = {};
 
-	pctx->rule = rule_alloc(&netlink_location, &set->handle);
+	handle_merge(&h, &set->handle);
+	pctx->rule = rule_alloc(&netlink_location, &h);
 	pctx->table = table_lookup(&set->handle, cache);
 	assert(pctx->table != NULL);
 
 	if (netlink_parse_expr(nle, pctx) < 0)
 		return NULL;
+
+	init_list_head(&pctx->rule->stmts);
+	rule_free(pctx->rule);
+
 	return pctx->stmt;
 }
 
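Review bot: the error return in netlink_parse_set_expr(), "if (netlink_parse_expr(nle, pctx) < 0) return NULL;", still exits before the new rule_free(), so the dummy rule allocated by rule_alloc() and the handle filled in by handle_merge() are not released when parsing fails. Consider freeing the rule on that path as well, for instance through a single exit label that calls rule_free(pctx->rule) before returning. A one-line comment above init_list_head(&pctx->rule->stmts) would also help: the reason for resetting the list (the returned statement must outlive the rule) is stated only in the commit message, and the call reads like a stray reinitialisation without it.
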
diff --git a/tests/shell/testcases/sets/0048set_counters_0 b/tests/shell/testcases/sets/0048set_counters_0
new file mode 100755
index 000000000000..e62d25df799c
--- /dev/null
+++ b/tests/shell/testcases/sets/0048set_counters_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+          set y {
+                  typeof ip saddr
+                  counter
+                  elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 }
+          }
+
+          chain z {
+                  type filter hook output priority filter; policy accept;
+                  ip daddr @y
+          }
+}"
+
+$NFT -f - <<< "$EXPECTED"
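Review bot: the variable EXPECTED in this script is used only as input to "$NFT -f -" and is never compared against anything, so the name is misleading; RULESET would match what it holds. The script also only loads the ruleset, while netlink_parse_set_expr() is on the listing side, so the leak fixed here is exercised only if the harness dumps the ruleset and compares it with the .nft file added below. An explicit "$NFT list ruleset" at the end of the script would make the test cover the fixed path on its own.
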
diff --git a/tests/shell/testcases/sets/dumps/0048set_counters_0.nft b/tests/shell/testcases/sets/dumps/0048set_counters_0.nft
new file mode 100644
index 000000000000..2145f6b11b88
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0048set_counters_0.nft
@@ -0,0 +1,13 @@
+table ip x {
+	set y {
+		typeof ip saddr
+		counter
+		elements = { 192.168.10.35 counter packets 0 bytes 0, 192.168.10.101 counter packets 0 bytes 0,
+			     192.168.10.135 counter packets 0 bytes 0 }
+	}
+
+	chain z {
+		type filter hook output priority filter; policy accept;
+		ip daddr @y
+	}
+}
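Review bot: the elements line of this dump pins every element to "counter packets 0 bytes 0", while chain z hooks output and matches "ip daddr @y". The comparison therefore depends on no locally generated packet to 192.168.10.35, 192.168.10.101 or 192.168.10.135 being seen between load and dump. If the test can run in an environment where such traffic is possible, consider dropping the chain from the ruleset or using a hook that sees no traffic during the test, so the dump stays deterministic.
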
-- 
2.20.1

