diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-06-20 21:11:45 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-06-23 14:15:24 +0200 |
commit | 6cafaf4764a32597c2195aa5411b87728e1fde8a (patch) | |
tree | 4d072f4a097bc572a3eb971923a3d73a81f695fb /net | |
parent | acd43fe85b2d1dbad55ce211b8817e6d6687246f (diff) | |
download | linux-6cafaf4764a32597c2195aa5411b87728e1fde8a.tar.bz2 |
netfilter: nf_tables: fix memory leak if expr init fails
If expr init fails then we need to free it.
So when the user add a nft rule as follows:
# nft add rule filter input tcp dport 22 flow table ssh \
{ ip saddr limit rate 0/second }
memory leak will happen.
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 2c881871db38..cf7c74599cbe 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1724,9 +1724,11 @@ struct nft_expr *nft_expr_init(const struct nft_ctx *ctx, err = nf_tables_newexpr(ctx, &info, expr); if (err < 0) - goto err2; + goto err3; return expr; +err3: + kfree(expr); err2: module_put(info.ops->type->owner); err1: |