All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft,v2] rule: memleak of list of timeout policies
Date: Thu, 17 Jun 2021 23:08:10 +0200	[thread overview]
Message-ID: <20210617210810.26671-1-pablo@netfilter.org> (raw)

Release list of ct timeout policy when object is freed.

Direct leak of 160 byte(s) in 2 object(s) allocated from:
    #0 0x7fc0273ad330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x7fc0231377c4 in xmalloc /home/.../devel/nftables/src/utils.c:36
    #2 0x7fc023137983 in xzalloc /home/.../devel/nftables/src/utils.c:75
    #3 0x7fc0231f64d6 in nft_parse /home/.../devel/nftables/src/parser_bison.y:4448

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: skip init_list_head() from parser path, list is already initialized
    (actually it results in a memleak of the timeout policies that are
     obtained from the ruleset file).

 src/netlink.c | 1 +
 src/rule.c    | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/src/netlink.c b/src/netlink.c
index f2c1a4a15dee..c5fd38044b41 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1484,6 +1484,7 @@ struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
 		obj->ct_helper.l4proto = nftnl_obj_get_u8(nlo, NFTNL_OBJ_CT_HELPER_L4PROTO);
 		break;
 	case NFT_OBJECT_CT_TIMEOUT:
+		init_list_head(&obj->ct_timeout.timeout_list);
 		obj->ct_timeout.l3proto = nftnl_obj_get_u16(nlo, NFTNL_OBJ_CT_TIMEOUT_L3PROTO);
 		obj->ct_timeout.l4proto = nftnl_obj_get_u8(nlo, NFTNL_OBJ_CT_TIMEOUT_L4PROTO);
 		memcpy(obj->ct_timeout.timeout,
diff --git a/src/rule.c b/src/rule.c
index 92daf2f33b76..10569aa7875a 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1709,6 +1709,14 @@ void obj_free(struct obj *obj)
 		return;
 	xfree(obj->comment);
 	handle_free(&obj->handle);
+	if (obj->type == NFT_OBJECT_CT_TIMEOUT) {
+		struct timeout_state *ts, *next;
+
+		list_for_each_entry_safe(ts, next, &obj->ct_timeout.timeout_list, head) {
+			list_del(&ts->head);
+			xfree(ts);
+		}
+	}
 	xfree(obj);
 }
 
-- 
2.30.2


                 reply	other threads:[~2021-06-17 21:08 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210617210810.26671-1-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.