summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLiping Zhang <liping.zhang@spreadtrum.com>2016-06-20 21:11:45 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2016-06-23 14:15:24 +0200
commit6cafaf4764a32597c2195aa5411b87728e1fde8a (patch)
tree4d072f4a097bc572a3eb971923a3d73a81f695fb /net
parentacd43fe85b2d1dbad55ce211b8817e6d6687246f (diff)
downloadlinux-6cafaf4764a32597c2195aa5411b87728e1fde8a.tar.bz2
netfilter: nf_tables: fix memory leak if expr init fails
If expr init fails then we need to free it. So when the user add a nft rule as follows: # nft add rule filter input tcp dport 22 flow table ssh \ { ip saddr limit rate 0/second } memory leak will happen. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_tables_api.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 2c881871db38..cf7c74599cbe 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1724,9 +1724,11 @@ struct nft_expr *nft_expr_init(const struct nft_ctx *ctx,
err = nf_tables_newexpr(ctx, &info, expr);
if (err < 0)
- goto err2;
+ goto err3;
return expr;
+err3:
+ kfree(expr);
err2:
module_put(info.ops->type->owner);
err1: