[nft PATCH 5/5] mnl: dump_nf_hooks() leaks memory in error path

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Have to free the basehook object before returning to caller.

Fixes: 4694f7230195b ("src: add support for base hook dumping")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 src/mnl.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/mnl.c b/src/mnl.c
index 62b0b59c2da8a..46d86f0fd9502 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -2217,16 +2217,23 @@ static int dump_nf_hooks(const struct nlmsghdr *nlh, void *_data)
 		struct nlattr *nested[NFNLA_HOOK_INFO_MAX + 1] = {};
 		uint32_t type;
 
-		if (mnl_attr_parse_nested(tb[NFNLA_HOOK_CHAIN_INFO], dump_nf_chain_info_cb, nested) < 0)
+		if (mnl_attr_parse_nested(tb[NFNLA_HOOK_CHAIN_INFO],
+					  dump_nf_chain_info_cb, nested) < 0) {
+			basehook_free(hook);
 			return -1;
+		}
 
 		type = ntohl(mnl_attr_get_u32(nested[NFNLA_HOOK_INFO_TYPE]));
 		if (type == NFNL_HOOK_TYPE_NFTABLES) {
 			struct nlattr *info[NFNLA_CHAIN_MAX + 1] = {};
 			const char *tablename, *chainname;
 
-			if (mnl_attr_parse_nested(nested[NFNLA_HOOK_INFO_DESC], dump_nf_attr_chain_cb, info) < 0)
+			if (mnl_attr_parse_nested(nested[NFNLA_HOOK_INFO_DESC],
+						  dump_nf_attr_chain_cb,
+						  info) < 0) {
+				basehook_free(hook);
 				return -1;
+			}
 
 			tablename = mnl_attr_get_str(info[NFNLA_CHAIN_TABLE]);
 			chainname = mnl_attr_get_str(info[NFNLA_CHAIN_NAME]);
-- 
2.38.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux