From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [nft PATCH 02/10] parser_json: Fix for memleak in tcp option error path
Date: Fri, 11 Jun 2021 18:40:56 +0200 [thread overview]
Message-ID: <20210611164104.8121-3-phil@nwl.cc> (raw)
In-Reply-To: <20210611164104.8121-1-phil@nwl.cc>
If 'kind' value is invalid, the function returned without freeing 'expr'
first. Fix this by performing the check before allocation.
Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/parser_json.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/parser_json.c b/src/parser_json.c
index e6a0233ab6ce3..bb0e4169b477d 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -603,12 +603,12 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
"base", &kind, "offset", &offset, "len", &len)) {
uint32_t flag = 0;
- expr = tcpopt_expr_alloc(int_loc, kind,
- TCPOPT_COMMON_KIND);
-
if (kind < 0 || kind > 255)
return NULL;
+ expr = tcpopt_expr_alloc(int_loc, kind,
+ TCPOPT_COMMON_KIND);
+
if (offset == TCPOPT_COMMON_KIND && len == 8)
flag = NFT_EXTHDR_F_PRESENT;
--
2.31.1
next prev parent reply other threads:[~2021-06-11 16:41 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
2021-06-11 16:40 ` [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum Phil Sutter
2021-06-11 16:40 ` Phil Sutter [this message]
2021-06-11 16:40 ` [nft PATCH 03/10] evaluate: Mark fall through case in str2hooknum() Phil Sutter
2021-06-11 16:40 ` [nft PATCH 04/10] json: Drop pointless assignment in exthdr_expr_json() Phil Sutter
2021-06-11 16:40 ` [nft PATCH 05/10] netlink: Avoid memleak in error path of netlink_delinearize_set() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 06/10] netlink: Avoid memleak in error path of netlink_delinearize_chain() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 07/10] netlink: Avoid memleak in error path of netlink_delinearize_table() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 08/10] netlink: Avoid memleak in error path of netlink_delinearize_obj() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 09/10] netlink_delinearize: Fix suspicious calloc() call Phil Sutter
2021-06-11 16:41 ` [nft PATCH 10/10] rule: Fix for potential off-by-one in cmd_add_loc() Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210611164104.8121-3-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).