From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Jan 2024 14:28:31 +0100
The result from a call of the function “kasprintf” was passed to
a subsequent function call without checking for a null pointer before
(according to a memory allocation failure).
This issue was detected by using the Coccinelle software.
Thus add a null pointer check and a jump target in affected functions.
Fixes: 8877393029e76 ("netfilter: nf_tables: Open-code audit log call in nf_tables_getrule()")
Fixes: 0854db2aaef3f ("netfilter: nf_tables: use net_generic infra for transaction data")
Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 8438a8922e4a..cb61c7a39a76 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3728,10 +3728,13 @@ static int nf_tables_getrule_reset(struct sk_buff *skb,
nla_len(nla[NFTA_RULE_TABLE]),
(char *)nla_data(nla[NFTA_RULE_TABLE]),
nft_net->base_seq);
+ if (!buf)
+ goto exit;
+
audit_log_nfcfg(buf, info->nfmsg->nfgen_family, 1,
AUDIT_NFT_OP_RULE_RESET, GFP_ATOMIC);
kfree(buf);
-
+exit:
return nfnetlink_unicast(skb2, net, portid);
}
@@ -7917,6 +7920,8 @@ static int nf_tables_getobj(struct sk_buff *skb, const struct nfnl_info *info,
nft_net = nft_pernet(net);
buf = kasprintf(GFP_ATOMIC, "%s:%u", table->name, nft_net->base_seq);
+ if (!buf)
+ goto fill_obj_info;
audit_log_nfcfg(buf,
family,
@@ -7925,7 +7930,7 @@ static int nf_tables_getobj(struct sk_buff *skb, const struct nfnl_info *info,
GFP_ATOMIC);
kfree(buf);
}
-
+fill_obj_info:
err = nf_tables_fill_obj_info(skb2, net, NETLINK_CB(skb).portid,
info->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, 0,
family, table, obj, reset);
--
2.43.0
