Re: [PATCH nf 4/5] netfilter: nfnl_cthelper: fix memory leak when do update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Mar 19, 2017 at 10:36:01PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@xxxxxxxxx>
> 
> When invoke nfnl_cthelper_update, we will malloc a new expect_policy,
> then only point the helper->expect_policy to the new one but ignore
> the old one, so it will be leaked forever.
> 
> Another issue is that the user can modify the expect_class_max to a
> new value, for example, decrease the expect_class_max from 3 to 0.

If the code is allowing this, we should fix it since this is not
valid. We cannot change the number of classes once the helper has been
created.

Users may update the maximum number of expectations and its timeout
per policy, but not the number of classes once this has been created.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux