Base chains are containers of the chain object, kfree was
receiving the wrong memory address in that case.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 91cba3b..f2d7f93 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1004,10 +1004,11 @@ static void nf_tables_rcu_chain_destroy(struct rcu_head *head)
BUG_ON(chain->use > 0);
- if (chain->flags & NFT_BASE_CHAIN)
+ if (chain->flags & NFT_BASE_CHAIN) {
free_percpu(nft_base_chain(chain)->stats);
-
- kfree(chain);
+ kfree(nft_base_chain(chain));
+ } else
+ kfree(chain);
}
static int nf_tables_delchain(struct sock *nlsk, struct sk_buff *skb,
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
