Commit 7eaf837a authored by Quan Tian's avatar Quan Tian Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: Fix a memory leak in nf_tables_updchain 



If nft_netdev_register_hooks() fails, the memory associated with
nft_stats is not freed, causing a memory leak.

This patch fixes it by moving nft_stats_alloc() down after
nft_netdev_register_hooks() succeeds.

Fixes: b9703ed4 ("netfilter: nf_tables: support for adding new devices to an existing netdev chain")
Signed-off-by: default avatarQuan Tian <tianquan23@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 4a0e7f2d

net/netfilter/nf_tables_api.c

+14 −13
Original line number Diff line number Diff line
@@ -2631,19 +2631,6 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy, 
		}

	}



	if (nla[NFTA_CHAIN_COUNTERS]) {

		if (!nft_is_base_chain(chain)) {

			err = -EOPNOTSUPP;

			goto err_hooks;

		}



		stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);

		if (IS_ERR(stats)) {

			err = PTR_ERR(stats);

			goto err_hooks;

		}

	}



	if (!(table->flags & NFT_TABLE_F_DORMANT) &&

	    nft_is_base_chain(chain) &&

	    !list_empty(&hook.list)) {
@@ -2658,6 +2645,20 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy, 
	}



	unregister = true;



	if (nla[NFTA_CHAIN_COUNTERS]) {

		if (!nft_is_base_chain(chain)) {

			err = -EOPNOTSUPP;

			goto err_hooks;

		}



		stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);

		if (IS_ERR(stats)) {

			err = PTR_ERR(stats);

			goto err_hooks;

		}

	}



	err = -ENOMEM;

	trans = nft_trans_alloc(ctx, NFT_MSG_NEWCHAIN,

				sizeof(struct nft_trans_chain));