Re: [PATCH nf,v2 1/2] netfilter: nf_tables: release element key when parser fails

On Sat, Jul 09, 2022 at 04:17:30PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Jul 08, 2022 at 12:06:32PM +0200, Pablo Neira Ayuso wrote:
> > Call nft_data_release() to release the element keys otherwise this
> > might leak chain reference counter.
> > 
> > Fixes: 7b225d0b5c6d ("netfilter: nf_tables: add NFTA_SET_ELEM_KEY_END attribute")
> > Fixes: ba0e4d9917b4 ("netfilter: nf_tables: get set elements via netlink")
> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > ---
> > v2: coalesce two similar patches:
> >     https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220708084453.11066-1-pablo@xxxxxxxxxxxxx/
> >     https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220708085805.12310-1-pablo@xxxxxxxxxxxxx/
> 
> Scratch this. nft_data_release() is noop for NFT_DATA_VERDICT case.

s/NFT_DATA_VERDICT/NFT_DATA_VALUE

> Calling this is good for consistency, but let's schedule this patch
> for nf-next instead.


