From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH 04/11] netfilter: nf_tables: fix userdata memleak
Date: Sun, 4 Oct 2020 21:49:33 +0200 [thread overview]
Message-ID: <20201004194940.7368-5-pablo@netfilter.org> (raw)
In-Reply-To: <20201004194940.7368-1-pablo@netfilter.org>
From: "Jose M. Guisado Gomez" <guigom@riseup.net>
When userdata was introduced for tables and objects its allocation was
only freed inside the error path of the new{table, object} functions.
Free user data inside corresponding destroy functions for tables and
objects.
Fixes: b131c96496b3 ("netfilter: nf_tables: add userdata support for nft_object")
Fixes: 7a81575b806e ("netfilter: nf_tables: add userdata attributes to nft_table")
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_api.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 84c0c1aaae99..b3c3c3fc1969 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1211,6 +1211,7 @@ static void nf_tables_table_destroy(struct nft_ctx *ctx)
rhltable_destroy(&ctx->table->chains_ht);
kfree(ctx->table->name);
+ kfree(ctx->table->udata);
kfree(ctx->table);
}
@@ -6231,6 +6232,7 @@ static void nft_obj_destroy(const struct nft_ctx *ctx, struct nft_object *obj)
module_put(obj->ops->type->owner);
kfree(obj->key.name);
+ kfree(obj->udata);
kfree(obj);
}
--
2.20.1
next prev parent reply other threads:[~2020-10-04 19:50 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-04 19:49 [PATCH 00/11] Netfilter updates for net-next Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 01/11] netfilter: conntrack: proc: rename stat column Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 02/11] netfilter: nf_tables: Remove ununsed function nft_data_debug Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 03/11] ipvs: Remove unused macros Pablo Neira Ayuso
2020-10-04 19:49 ` Pablo Neira Ayuso [this message]
2020-10-04 19:49 ` [PATCH 05/11] netfilter: nf_tables: use nla_memdup to copy udata Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 06/11] netfilter: nf_tables: add userdata attributes to nft_chain Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 07/11] netfilter: nf_tables_offload: Remove unused macro FLOW_SETUP_BLOCK Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 08/11] netfilter: ipset: enable memory accounting for ipset allocations Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 09/11] netfilter: nfnetlink: place subsys mutexes in distinct lockdep classes Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 10/11] netfilter: nf_tables: Enable fast nft_cmp for inverted matches Pablo Neira Ayuso
2020-10-04 19:49 ` [PATCH 11/11] netfilter: nf_tables: Implement fast bitwise expression Pablo Neira Ayuso
2020-10-04 21:36 ` [PATCH 00/11] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201004194940.7368-5-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).