On Mon, Sep 25, 2023 at 12:48:35PM +0200, Pablo Neira Ayuso wrote:
> On Sat, Sep 23, 2023 at 03:38:04AM +0200, Phil Sutter wrote:
> [...]
> > +static int nf_tables_getrule_reset(struct sk_buff *skb,
> > + const struct nfnl_info *info,
> > + const struct nlattr * const nla[])
> > +{
> > + struct nftables_pernet *nft_net = nft_pernet(info->net);
> > + u8 family = info->nfmsg->nfgen_family;
> > + u32 portid = NETLINK_CB(skb).portid;
> > + char *tablename, *buf;
> > + struct sk_buff *skb2;
> > +
> > + if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
> > + struct netlink_dump_control c = {
> > + .start= nf_tables_dumpreset_rules_start,
> > + .dump = nf_tables_dumpreset_rules,
> > + .done = nf_tables_dump_rules_done,
> > + .module = THIS_MODULE,
> > + .data = (void *)nla,
> > + };
> > +
> > + return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
> > + }
> > +
> > + if (!nla[NFTA_RULE_TABLE])
> > + return -EINVAL;
> > +
> > + tablename = nla_strdup(nla[NFTA_RULE_TABLE], GFP_ATOMIC);
> > + if (!tablename)
> > + return -ENOMEM;
> > +
> > + spin_lock(&nft_net->reset_lock);
> > + skb2 = nf_tables_getrule_single(portid, info, nla, true);
> > + spin_unlock(&nft_net->reset_lock);
> > + if (IS_ERR(skb2))
>
> This leaks tablename?
Florian already reported this one, apologies.
