[PATCH nf 1/1] netfilter: ctlink: Fix one possible memleak in nfnl_cthelper_create

[fgao@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]

From: Gao Feng <fgao@xxxxxxxxxx>

When nf_conntrack_helper_register failed, the error handler just frees
the helper, but it does not free the helper->expect_policy which is
allocated in nfnl_cthelper_parse_expect_policy.

Signed-off-by: Gao Feng <fgao@xxxxxxxxxx>
---
 net/netfilter/nfnetlink_cthelper.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
index de87823..f0241a1 100644
--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -214,7 +214,7 @@
 
 	ret = nfnl_cthelper_parse_expect_policy(helper, tb[NFCTH_POLICY]);
 	if (ret < 0)
-		goto err;
+		goto err1;
 
 	strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
 	helper->data_len = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
@@ -245,10 +245,12 @@
 
 	ret = nf_conntrack_helper_register(helper);
 	if (ret < 0)
-		goto err;
+		goto err2;
 
 	return 0;
-err:
+err2:
+	kfree(helper->expect_policy);
+err1:
 	kfree(helper);
 	return ret;
 }
-- 
1.9.1


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html