[nft PATCH] netlink_delinearize: Fix resource leaks

Phil Sutter <phil@xxxxxx> · Wed, 28 Feb 2018 16:05:30 +0100

These were detected by Coverity tool. All but one case happen in error
path - the regular one is in netlink_parse_hash() if sreg contains a
concatenated expression.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 src/netlink_delinearize.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index a1f0e92310462..d06b227eb9924 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -558,22 +558,27 @@ static void netlink_parse_hash(struct netlink_parse_ctx *ctx,
 		sreg = netlink_parse_register(nle, NFTNL_EXPR_HASH_SREG);
 		hexpr = netlink_get_register(ctx, loc, sreg);
 
-		if (hexpr == NULL)
-			return
+		if (hexpr == NULL) {
 			netlink_error(ctx, loc,
 				      "hash statement has no expression");
+			goto out_err;
+		}
 		len = nftnl_expr_get_u32(nle,
 					 NFTNL_EXPR_HASH_LEN) * BITS_PER_BYTE;
 		if (hexpr->len < len) {
+			xfree(hexpr);
 			hexpr = netlink_parse_concat_expr(ctx, loc, sreg, len);
 			if (hexpr == NULL)
-				return;
+				goto out_err;
 		}
 		expr->hash.expr = hexpr;
 	}
 
 	dreg = netlink_parse_register(nle, NFTNL_EXPR_HASH_DREG);
 	netlink_set_register(ctx, dreg, expr);
+
+out_err:
+	xfree(expr);
 }
 
 static void netlink_parse_fib(struct netlink_parse_ctx *ctx,
@@ -1137,10 +1142,11 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
 	dnle = nftnl_expr_get(nle, NFTNL_EXPR_DYNSET_EXPR, NULL);
 	if (dnle != NULL) {
 		if (netlink_parse_expr(dnle, ctx) < 0)
-			return;
-		if (ctx->stmt == NULL)
-			return netlink_error(ctx, loc,
-					     "Could not parse dynset stmt");
+			goto out_err;
+		if (ctx->stmt == NULL) {
+			netlink_error(ctx, loc, "Could not parse dynset stmt");
+			goto out_err;
+		}
 		dstmt = ctx->stmt;
 	}
 
@@ -1157,6 +1163,9 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
 	}
 
 	ctx->stmt = stmt;
+
+out_err:
+	xfree(expr);
 }
 
 static void netlink_parse_objref(struct netlink_parse_ctx *ctx,
-- 
2.16.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






