[PATCH 0/3 nf-next] fix module leak and use-after-free

The nf_tables_newrule has two problems.
1. module leak in the error path
2. use-after-free in the nf_tables_rule_destroy function.

These problems are related to each other, so this patch series is made.

In the first patch, a new nft_expr_type->release callback is added to
release resources allocated in nft_expr_type->select_ops.
The second patch modifies the error path of nf_tables_newrule by
using the nft_expr_type->release callback.
The third patch solves the use-after-free problem in nf_tables_rule_destroy.


Taehee Yoo (3):
  netfilter: nf_tables: add release callback in nft_expr_type
  netfilter: fix error path of the nf_tables_newrule
  netfilter: nf_tables: fix use-after-free in nf_tables_rule_destroy

 include/net/netfilter/nf_tables.h |  2 ++
 net/netfilter/nf_tables_api.c     | 65 +++++++++++++++++++++++----------------
 net/netfilter/nft_compat.c        | 52 ++++++++++++++++---------------
 3 files changed, 68 insertions(+), 51 deletions(-)

-- 
2.9.3
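
The cover letter pairs a release callback with select_ops so that an error path can undo what select_ops acquired. The user-space C model below is an added illustration, not code from this patch series or from the kernel; every struct and function name in it is hypothetical, and it assumes select_ops takes a module reference that generic code cannot see.

```c
/* User-space model only: all names here are hypothetical, not kernel API. */
#include <stdio.h>
#include <stdlib.h>

struct module { int refcnt; };              /* stands in for a module refcount */
struct expr_ops { struct module *owner; };  /* ops object built by select_ops */

struct expr_type {
    struct expr_ops *(*select_ops)(struct module *m);
    void (*release)(struct expr_ops *ops);  /* undoes what select_ops acquired */
};

/* Assumption: select_ops allocates the ops and pins the backing module. */
static struct expr_ops *model_select_ops(struct module *m)
{
    struct expr_ops *ops = malloc(sizeof(*ops));
    if (!ops)
        return NULL;
    m->refcnt++;
    ops->owner = m;
    return ops;
}

/* The release counterpart drops the module reference and frees the ops. */
static void model_release(struct expr_ops *ops)
{
    ops->owner->refcnt--;
    free(ops);
}

static const struct expr_type without_release = { model_select_ops, NULL };
static const struct expr_type with_release = { model_select_ops, model_release };

/* Models rule creation failing after select_ops succeeded.
 * Returns the module references still held once the error path has run. */
static int newrule_leaked_refs(const struct expr_type *t)
{
    struct module mod = { 0 };
    struct expr_ops *ops = t->select_ops(&mod);

    if (!ops)
        return -1;
    if (t->release)
        t->release(ops);  /* error path can fully undo select_ops */
    else
        free(ops);        /* generic code frees memory but never drops the ref */
    return mod.refcnt;
}

int main(void)
{
    printf("no release callback: %d ref(s) leaked\n", newrule_leaked_refs(&without_release));
    printf("release callback:    %d ref(s) leaked\n", newrule_leaked_refs(&with_release));
    return 0;
}
```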
