Commit 7d70984a authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails 



Check if nf_ct_netns_get() fails then release the limit object
previously allocated via kmalloc().

Fixes: 37f319f3 ("netfilter: nft_connlimit: move stateful fields out of expression data")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fe75e84a

net/netfilter/nft_connlimit.c

+10 −1
Original line number Diff line number Diff line
@@ -62,6 +62,7 @@ static int nft_connlimit_do_init(const struct nft_ctx *ctx, 
{

	bool invert = false;

	u32 flags, limit;

	int err;



	if (!tb[NFTA_CONNLIMIT_COUNT])

		return -EINVAL;
@@ -84,7 +85,15 @@ static int nft_connlimit_do_init(const struct nft_ctx *ctx, 
	priv->limit	= limit;

	priv->invert	= invert;



	return nf_ct_netns_get(ctx->net, ctx->family);

	err = nf_ct_netns_get(ctx->net, ctx->family);

	if (err < 0)

		goto err_netns;



	return 0;

err_netns:

	kfree(priv->list);



	return err;

}



static void nft_connlimit_do_destroy(const struct nft_ctx *ctx,