* [PATCH 1/2 nf] netfilter: nfnetlink_cthelper: fix runtime expectation policy updates
@ 2017-03-21 12:41 Pablo Neira Ayuso
2017-03-21 12:41 ` [PATCH 2/2 nf] netfilter: cthelper: Fix memory leak Pablo Neira Ayuso
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2017-03-21 12:41 UTC (permalink / raw)
To: netfilter-devel; +Cc: zlpnobody, jeffy.chen, dianders, briannorris
We only allow runtime updates of expectation policies for timeout and
maximum number of expectations, otherwise reject the update.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nfnetlink_cthelper.c | 68 ++++++++++++++++++++++++++++++++++++--
1 file changed, 66 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
index de8782345c86..ffb51b91e646 100644
--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -254,6 +254,71 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
}
static int
+nfnl_cthelper_update_policy_one(struct nf_conntrack_expect_policy *expect_policy,
+ const struct nlattr *attr)
+{
+ struct nlattr *tb[NFCTH_POLICY_MAX + 1];
+ int err;
+
+ err = nla_parse_nested(tb, NFCTH_POLICY_MAX, attr,
+ nfnl_cthelper_expect_pol);
+ if (err < 0)
+ return err;
+
+ if (!tb[NFCTH_POLICY_NAME] ||
+ !tb[NFCTH_POLICY_EXPECT_MAX] ||
+ !tb[NFCTH_POLICY_EXPECT_TIMEOUT])
+ return -EINVAL;
+
+ if (nla_strcmp(tb[NFCTH_POLICY_NAME], expect_policy->name))
+ return -EBUSY;
+
+ expect_policy->max_expected =
+ ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX]));
+ expect_policy->timeout =
+ ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_TIMEOUT]));
+
+ return 0;
+}
+
+static int
+nfnl_cthelper_update_policy(struct nf_conntrack_helper *helper,
+ const struct nlattr *attr)
+{
+ struct nf_conntrack_expect_policy *expect_policy;
+ struct nlattr *tb[NFCTH_POLICY_SET_MAX + 1];
+ unsigned int class_max;
+ int i, err;
+
+ err = nla_parse_nested(tb, NFCTH_POLICY_SET_MAX, attr,
+ nfnl_cthelper_expect_policy_set);
+ if (err < 0)
+ return err;
+
+ if (!tb[NFCTH_POLICY_SET_NUM])
+ return -EINVAL;
+
+ class_max = ntohl(nla_get_be32(tb[NFCTH_POLICY_SET_NUM]));
+ if (helper->expect_class_max != class_max)
+ return -EBUSY;
+
+ for (i = 0; i < helper->expect_class_max; i++) {
+ if (!tb[NFCTH_POLICY_SET + i])
+ return -EINVAL;
+
+ expect_policy =
+ (struct nf_conntrack_expect_policy *)
+ &helper->expect_policy[i];
+ err = nfnl_cthelper_update_policy_one(expect_policy,
+ tb[NFCTH_POLICY_SET + i]);
+ if (err < 0)
+ return err;
+ }
+
+ return 0;
+}
+
+static int
nfnl_cthelper_update(const struct nlattr * const tb[],
struct nf_conntrack_helper *helper)
{
@@ -263,8 +328,7 @@ nfnl_cthelper_update(const struct nlattr * const tb[],
return -EBUSY;
if (tb[NFCTH_POLICY]) {
- ret = nfnl_cthelper_parse_expect_policy(helper,
- tb[NFCTH_POLICY]);
+ ret = nfnl_cthelper_update_policy(helper, tb[NFCTH_POLICY]);
if (ret < 0)
return ret;
}
--
2.1.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2 nf] netfilter: cthelper: Fix memory leak
2017-03-21 12:41 [PATCH 1/2 nf] netfilter: nfnetlink_cthelper: fix runtime expectation policy updates Pablo Neira Ayuso
@ 2017-03-21 12:41 ` Pablo Neira Ayuso
2017-03-22 2:43 ` jeffy
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2017-03-21 12:41 UTC (permalink / raw)
To: netfilter-devel; +Cc: zlpnobody, jeffy.chen, dianders, briannorris
From: Jeffy Chen <jeffy.chen@rock-chips.com>
We have memory leaks of nf_conntrack_helper & expect_policy.
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
Heavily based on your original patch, so I'm keeping you as original author
for this fix.
net/netfilter/nfnetlink_cthelper.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
index ffb51b91e646..bc43d8635cb8 100644
--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -214,7 +214,7 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
ret = nfnl_cthelper_parse_expect_policy(helper, tb[NFCTH_POLICY]);
if (ret < 0)
- goto err;
+ goto err1;
strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
helper->data_len = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
@@ -245,10 +245,12 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
ret = nf_conntrack_helper_register(helper);
if (ret < 0)
- goto err;
+ goto err2;
return 0;
-err:
+err2:
+ kfree(helper->expect_policy);
+err1:
kfree(helper);
return ret;
}
@@ -676,6 +678,8 @@ static int nfnl_cthelper_del(struct net *net, struct sock *nfnl,
found = true;
nf_conntrack_helper_unregister(cur);
+ kfree(cur->expect_policy);
+ kfree(cur);
}
}
/* Make sure we return success if we flush and there is no helpers */
@@ -739,6 +743,8 @@ static void __exit nfnl_cthelper_exit(void)
continue;
nf_conntrack_helper_unregister(cur);
+ kfree(cur->expect_policy);
+ kfree(cur);
}
}
}
--
2.1.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2 nf] netfilter: cthelper: Fix memory leak
2017-03-21 12:41 ` [PATCH 2/2 nf] netfilter: cthelper: Fix memory leak Pablo Neira Ayuso
@ 2017-03-22 2:43 ` jeffy
0 siblings, 0 replies; 3+ messages in thread
From: jeffy @ 2017-03-22 2:43 UTC (permalink / raw)
To: Pablo Neira Ayuso, netfilter-devel; +Cc: zlpnobody, dianders, briannorris
Hi Pablo,
On chromebook kevin:
Tested-by: Jeffy Chen <jeffy.chen@rock-chips.com>
On 03/21/2017 08:41 PM, Pablo Neira Ayuso wrote:
> From: Jeffy Chen <jeffy.chen@rock-chips.com>
>
> We have memory leaks of nf_conntrack_helper & expect_policy.
>
> Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
> Heavily based on your original patch, so I'm keeping you as original author
> for this fix.
>
> net/netfilter/nfnetlink_cthelper.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
> index ffb51b91e646..bc43d8635cb8 100644
> --- a/net/netfilter/nfnetlink_cthelper.c
> +++ b/net/netfilter/nfnetlink_cthelper.c
> @@ -214,7 +214,7 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
>
> ret = nfnl_cthelper_parse_expect_policy(helper, tb[NFCTH_POLICY]);
> if (ret < 0)
> - goto err;
> + goto err1;
it's safe to kfree a null pointer, so we can use the same goto label
with err2.
But it's up to you, just matter of taste :)
>
> strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
> helper->data_len = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
> @@ -245,10 +245,12 @@ nfnl_cthelper_create(const struct nlattr * const tb[],
>
> ret = nf_conntrack_helper_register(helper);
> if (ret < 0)
> - goto err;
> + goto err2;
>
> return 0;
> -err:
> +err2:
> + kfree(helper->expect_policy);
> +err1:
> kfree(helper);
> return ret;
> }
> @@ -676,6 +678,8 @@ static int nfnl_cthelper_del(struct net *net, struct sock *nfnl,
>
> found = true;
> nf_conntrack_helper_unregister(cur);
> + kfree(cur->expect_policy);
> + kfree(cur);
> }
> }
> /* Make sure we return success if we flush and there is no helpers */
> @@ -739,6 +743,8 @@ static void __exit nfnl_cthelper_exit(void)
> continue;
>
> nf_conntrack_helper_unregister(cur);
> + kfree(cur->expect_policy);
> + kfree(cur);
> }
> }
> }
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-03-22 2:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-21 12:41 [PATCH 1/2 nf] netfilter: nfnetlink_cthelper: fix runtime expectation policy updates Pablo Neira Ayuso
2017-03-21 12:41 ` [PATCH 2/2 nf] netfilter: cthelper: Fix memory leak Pablo Neira Ayuso
2017-03-22 2:43 ` jeffy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.