On Sun, Mar 19, 2017 at 10:36:01PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@xxxxxxxxx>
>
> When invoke nfnl_cthelper_update, we will malloc a new expect_policy,
> then only point the helper->expect_policy to the new one but ignore
> the old one, so it will be leaked forever.
>
> Another issue is that the user can modify the expect_class_max to a
> new value, for example, decrease the expect_class_max from 3 to 0.

If the code is allowing this, we should fix it since this is not valid.
We cannot change the number of classes once the helper has been
created.

Users may update the maximum number of expectations and its timeout per
policy, but not the number of classes once this has been created.
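
The update rule stated in the reply above, as an added userspace C model; it is not code from this thread or from the kernel. The struct and function names, the error codes and the `MODEL_MAX_EXPECTED` cap are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not the kernel's. */
#define MODEL_MAX_EXPECTED 255u  /* assumed cap, chosen for the example */

struct policy_model { unsigned int max_expected, timeout; };

struct helper_model {
    unsigned int class_max;         /* highest class index, fixed at creation */
    struct policy_model *policies;  /* class_max + 1 entries, allocated once */
};

/* Returns 0 on success, -EBUSY if the class count differs, -EINVAL otherwise. */
int helper_model_update(struct helper_model *h, unsigned int req_class_max,
                        const struct policy_model *req, size_t req_len)
{
    size_t i;

    if (h == NULL || req == NULL)
        return -EINVAL;
    if (req_class_max != h->class_max)
        return -EBUSY;              /* e.g. a request to go from 3 to 0 */
    if (req_len != (size_t)h->class_max + 1)
        return -EINVAL;

    /* Validate every entry before writing, so a bad request changes nothing. */
    for (i = 0; i < req_len; i++)
        if (req[i].max_expected > MODEL_MAX_EXPECTED)
            return -EINVAL;

    /* Update in place: no second array exists, so none can be leaked. */
    for (i = 0; i < req_len; i++)
        h->policies[i] = req[i];
    return 0;
}

int main(void)
{
    struct policy_model pol[4] = { {1, 10}, {2, 20}, {3, 30}, {4, 40} };
    struct helper_model h = { 3, pol };
    struct policy_model one = { 5, 50 };

    printf("shrink 3 -> 0: %d\n", helper_model_update(&h, 0, &one, 1));
    return 0;
}
```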