Re: [PATCH nf,v2 1/2] netfilter: nf_tables: release element key when parser fails

On Fri, Jul 08, 2022 at 12:06:32PM +0200, Pablo Neira Ayuso wrote:
> Call nft_data_release() to release the element keys otherwise this
> might leak chain reference counter.
> 
> Fixes: 7b225d0b5c6d ("netfilter: nf_tables: add NFTA_SET_ELEM_KEY_END attribute")
> Fixes: ba0e4d9917b4 ("netfilter: nf_tables: get set elements via netlink")
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> v2: coalesce two similar patches:
>     https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220708084453.11066-1-pablo@xxxxxxxxxxxxx/
>     https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220708085805.12310-1-pablo@xxxxxxxxxxxxx/

Scratch this. nft_data_release() is a noop for the NFT_DATA_VERDICT case.
Calling this is good for consistency, but let's schedule this patch
for nf-next instead.


