Most of the cases are basically the same: Error path fails to free the previously allocated statement or expression. A few cases received special treatment though: - In netlink_parse_payload_stmt(), the leak is easily avoided by code reordering. - In netlink_parse_exthdr(), there's no point in introducing a goto label since there is but a single affected error check. - In netlink_parse_hash() non-error path leaked as well if sreg contained a concatenated expression. Signed-off-by: Phil Sutter <phil@xxxxxx> --- Changes since v1: - Add missing return statements to avoid taking error path unconditionally in the two spots addressed by v1 patch. - Reviewing covscan results again, address also all the other spots it complained about. --- src/netlink_delinearize.c | 144 +++++++++++++++++++++++++++++----------------- 1 file changed, 92 insertions(+), 52 deletions(-) diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 9dbd9141c069e..c7df2b434eda5 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -472,15 +472,15 @@ static void netlink_parse_payload_stmt(struct netlink_parse_ctx *ctx, offset = nftnl_expr_get_u32(nle, NFTNL_EXPR_PAYLOAD_OFFSET) * BITS_PER_BYTE; len = nftnl_expr_get_u32(nle, NFTNL_EXPR_PAYLOAD_LEN) * BITS_PER_BYTE; - expr = payload_expr_alloc(loc, NULL, 0); - payload_init_raw(expr, base, offset, len); - sreg = netlink_parse_register(nle, NFTNL_EXPR_PAYLOAD_SREG); val = netlink_get_register(ctx, loc, sreg); if (val == NULL) return netlink_error(ctx, loc, "payload statement has no expression"); + expr = payload_expr_alloc(loc, NULL, 0); + payload_init_raw(expr, base, offset, len); + stmt = payload_stmt_alloc(loc, expr, val); list_add_tail(&stmt->list, &ctx->rule->stmts); @@ -525,9 +525,11 @@ static void netlink_parse_exthdr(struct netlink_parse_ctx *ctx, sreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_SREG); val = netlink_get_register(ctx, loc, sreg); - if (val == NULL) + if (val == NULL) { + xfree(expr); return netlink_error(ctx, loc, "exthdr statement has no expression"); + } expr_set_type(val, expr->dtype, expr->byteorder); @@ -558,22 +560,27 @@ static void netlink_parse_hash(struct netlink_parse_ctx *ctx, sreg = netlink_parse_register(nle, NFTNL_EXPR_HASH_SREG); hexpr = netlink_get_register(ctx, loc, sreg); - if (hexpr == NULL) - return + if (hexpr == NULL) { netlink_error(ctx, loc, "hash statement has no expression"); + goto out_err; + } len = nftnl_expr_get_u32(nle, NFTNL_EXPR_HASH_LEN) * BITS_PER_BYTE; if (hexpr->len < len) { + xfree(hexpr); hexpr = netlink_parse_concat_expr(ctx, loc, sreg, len); if (hexpr == NULL) - return; + goto out_err; } expr->hash.expr = hexpr; } dreg = netlink_parse_register(nle, NFTNL_EXPR_HASH_DREG); netlink_set_register(ctx, dreg, expr); + return; +out_err: + xfree(expr); } static void netlink_parse_fib(struct netlink_parse_ctx *ctx, @@ -855,10 +862,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, reg1 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MIN); if (reg1) { addr = netlink_get_register(ctx, loc, reg1); - if (addr == NULL) - return netlink_error(ctx, loc, - "NAT statement has no address " - "expression"); + if (addr == NULL) { + netlink_error(ctx, loc, + "NAT statement has no address expression"); + goto out_err; + } if (family == AF_INET) expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN); @@ -871,10 +879,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, reg2 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MAX); if (reg2 && reg2 != reg1) { addr = netlink_get_register(ctx, loc, reg2); - if (addr == NULL) - return netlink_error(ctx, loc, - "NAT statement has no address " - "expression"); + if (addr == NULL) { + netlink_error(ctx, loc, + "NAT statement has no address expression"); + goto out_err; + } if (family == AF_INET) expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN); @@ -889,10 +898,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, reg1 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_PROTO_MIN); if (reg1) { proto = netlink_get_register(ctx, loc, reg1); - if (proto == NULL) - return netlink_error(ctx, loc, - "NAT statement has no proto " - "expression"); + if (proto == NULL) { + netlink_error(ctx, loc, + "NAT statement has no proto expression"); + goto out_err; + } expr_set_type(proto, &inet_service_type, BYTEORDER_BIG_ENDIAN); stmt->nat.proto = proto; @@ -901,10 +911,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, reg2 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_PROTO_MAX); if (reg2 && reg2 != reg1) { proto = netlink_get_register(ctx, loc, reg2); - if (proto == NULL) - return netlink_error(ctx, loc, - "NAT statement has no proto " - "expression"); + if (proto == NULL) { + netlink_error(ctx, loc, + "NAT statement has no proto expression"); + goto out_err; + } expr_set_type(proto, &inet_service_type, BYTEORDER_BIG_ENDIAN); if (stmt->nat.proto != NULL) @@ -913,6 +924,9 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, } ctx->stmt = stmt; + return; +out_err: + xfree(stmt); } static void netlink_parse_masq(struct netlink_parse_ctx *ctx, @@ -933,10 +947,11 @@ static void netlink_parse_masq(struct netlink_parse_ctx *ctx, reg1 = netlink_parse_register(nle, NFTNL_EXPR_MASQ_REG_PROTO_MIN); if (reg1) { proto = netlink_get_register(ctx, loc, reg1); - if (proto == NULL) - return netlink_error(ctx, loc, - "MASQUERADE statement" - "has no proto expression"); + if (proto == NULL) { + netlink_error(ctx, loc, + "MASQUERADE statement has no proto expression"); + goto out_err; + } expr_set_type(proto, &inet_service_type, BYTEORDER_BIG_ENDIAN); stmt->masq.proto = proto; } @@ -944,10 +959,11 @@ static void netlink_parse_masq(struct netlink_parse_ctx *ctx, reg2 = netlink_parse_register(nle, NFTNL_EXPR_MASQ_REG_PROTO_MAX); if (reg2 && reg2 != reg1) { proto = netlink_get_register(ctx, loc, reg2); - if (proto == NULL) - return netlink_error(ctx, loc, - "MASQUERADE statement" - "has no proto expression"); + if (proto == NULL) { + netlink_error(ctx, loc, + "MASQUERADE statement has no proto expression"); + goto out_err; + } expr_set_type(proto, &inet_service_type, BYTEORDER_BIG_ENDIAN); if (stmt->masq.proto != NULL) proto = range_expr_alloc(loc, stmt->masq.proto, proto); @@ -955,6 +971,9 @@ static void netlink_parse_masq(struct netlink_parse_ctx *ctx, } ctx->stmt = stmt; + return; +out_err: + xfree(stmt); } static void netlink_parse_redir(struct netlink_parse_ctx *ctx, @@ -976,10 +995,11 @@ static void netlink_parse_redir(struct netlink_parse_ctx *ctx, reg1 = netlink_parse_register(nle, NFTNL_EXPR_REDIR_REG_PROTO_MIN); if (reg1) { proto = netlink_get_register(ctx, loc, reg1); - if (proto == NULL) - return netlink_error(ctx, loc, - "redirect statement has no proto " - "expression"); + if (proto == NULL) { + netlink_error(ctx, loc, + "redirect statement has no proto expression"); + goto out_err; + } expr_set_type(proto, &inet_service_type, BYTEORDER_BIG_ENDIAN); stmt->redir.proto = proto; @@ -988,10 +1008,11 @@ static void netlink_parse_redir(struct netlink_parse_ctx *ctx, reg2 = netlink_parse_register(nle, NFTNL_EXPR_REDIR_REG_PROTO_MAX); if (reg2 && reg2 != reg1) { proto = netlink_get_register(ctx, loc, reg2); - if (proto == NULL) - return netlink_error(ctx, loc, - "redirect statement has no proto " - "expression"); + if (proto == NULL) { + netlink_error(ctx, loc, + "redirect statement has no proto expression"); + goto out_err; + } expr_set_type(proto, &inet_service_type, BYTEORDER_BIG_ENDIAN); if (stmt->redir.proto != NULL) @@ -1001,6 +1022,9 @@ static void netlink_parse_redir(struct netlink_parse_ctx *ctx, } ctx->stmt = stmt; + return; +out_err: + xfree(stmt); } static void netlink_parse_dup(struct netlink_parse_ctx *ctx, @@ -1016,9 +1040,11 @@ static void netlink_parse_dup(struct netlink_parse_ctx *ctx, reg1 = netlink_parse_register(nle, NFTNL_EXPR_DUP_SREG_ADDR); if (reg1) { addr = netlink_get_register(ctx, loc, reg1); - if (addr == NULL) - return netlink_error(ctx, loc, - "DUP statement has no destination expression"); + if (addr == NULL) { + netlink_error(ctx, loc, + "DUP statement has no destination expression"); + goto out_err; + } switch (ctx->table->handle.family) { case NFPROTO_IPV4: @@ -1035,9 +1061,11 @@ static void netlink_parse_dup(struct netlink_parse_ctx *ctx, reg2 = netlink_parse_register(nle, NFTNL_EXPR_DUP_SREG_DEV); if (reg2) { dev = netlink_get_register(ctx, loc, reg2); - if (dev == NULL) - return netlink_error(ctx, loc, - "DUP statement has no output expression"); + if (dev == NULL) { + netlink_error(ctx, loc, + "DUP statement has no output expression"); + goto out_err; + } expr_set_type(dev, &ifindex_type, BYTEORDER_HOST_ENDIAN); if (stmt->dup.to == NULL) @@ -1047,6 +1075,9 @@ static void netlink_parse_dup(struct netlink_parse_ctx *ctx, } ctx->stmt = stmt; + return; +out_err: + xfree(stmt); } static void netlink_parse_fwd(struct netlink_parse_ctx *ctx, @@ -1062,15 +1093,20 @@ static void netlink_parse_fwd(struct netlink_parse_ctx *ctx, reg1 = netlink_parse_register(nle, NFTNL_EXPR_FWD_SREG_DEV); if (reg1) { dev = netlink_get_register(ctx, loc, reg1); - if (dev == NULL) - return netlink_error(ctx, loc, - "fwd statement has no output expression"); + if (dev == NULL) { + netlink_error(ctx, loc, + "fwd statement has no output expression"); + goto out_err; + } expr_set_type(dev, &ifindex_type, BYTEORDER_HOST_ENDIAN); stmt->fwd.to = dev; } ctx->stmt = stmt; + return; +out_err: + xfree(stmt); } static void netlink_parse_queue(struct netlink_parse_ctx *ctx, @@ -1137,10 +1173,11 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx, dnle = nftnl_expr_get(nle, NFTNL_EXPR_DYNSET_EXPR, NULL); if (dnle != NULL) { if (netlink_parse_expr(dnle, ctx) < 0) - return; - if (ctx->stmt == NULL) - return netlink_error(ctx, loc, - "Could not parse dynset stmt"); + goto out_err; + if (ctx->stmt == NULL) { + netlink_error(ctx, loc, "Could not parse dynset stmt"); + goto out_err; + } dstmt = ctx->stmt; } @@ -1157,6 +1194,9 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx, } ctx->stmt = stmt; + return; +out_err: + xfree(expr); } static void netlink_parse_objref(struct netlink_parse_ctx *ctx, -- 2.16.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html