From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 8/8] netfilter: nfnetlink_queue: fix secctx memory leak
Date: Wed, 29 Mar 2017 14:14:10 +0200 [thread overview]
Message-ID: <1490789650-7294-9-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1490789650-7294-1-git-send-email-pablo@netfilter.org>
From: Liping Zhang <zlpnobody@gmail.com>
We must call security_release_secctx to free the memory returned by
security_secid_to_secctx, otherwise memory may be leaked forever.
Fixes: ef493bd930ae ("netfilter: nfnetlink_queue: add security context information")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nfnetlink_queue.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 3ee0b8a000a4..933509ebf3d3 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -443,7 +443,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
skb = alloc_skb(size, GFP_ATOMIC);
if (!skb) {
skb_tx_error(entskb);
- return NULL;
+ goto nlmsg_failure;
}
nlh = nlmsg_put(skb, 0, 0,
@@ -452,7 +452,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
if (!nlh) {
skb_tx_error(entskb);
kfree_skb(skb);
- return NULL;
+ goto nlmsg_failure;
}
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = entry->state.pf;
@@ -598,12 +598,17 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
}
nlh->nlmsg_len = skb->len;
+ if (seclen)
+ security_release_secctx(secdata, seclen);
return skb;
nla_put_failure:
skb_tx_error(entskb);
kfree_skb(skb);
net_err_ratelimited("nf_queue: error creating packet message\n");
+nlmsg_failure:
+ if (seclen)
+ security_release_secctx(secdata, seclen);
return NULL;
}
--
2.1.4
next prev parent reply other threads:[~2017-03-29 12:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-29 12:14 [PATCH 0/8] Netfilter fixes for net Pablo Neira Ayuso
2017-03-29 12:14 ` [PATCH 1/8] netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max Pablo Neira Ayuso
2017-03-29 12:14 ` [PATCH 2/8] netfilter: nfnl_cthelper: fix runtime expectation policy updates Pablo Neira Ayuso
2017-03-29 12:14 ` [PATCH 3/8] netfilter: nfnl_cthelper: Fix memory leak Pablo Neira Ayuso
2017-03-29 12:14 ` [PATCH 4/8] netfilter: invoke synchronize_rcu after set the _hook_ to NULL Pablo Neira Ayuso
2017-03-29 12:14 ` [PATCH 5/8] netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table Pablo Neira Ayuso
2017-03-29 12:14 ` [PATCH 6/8] netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister Pablo Neira Ayuso
2017-03-29 12:14 ` [PATCH 7/8] netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register Pablo Neira Ayuso
2017-03-29 12:14 ` Pablo Neira Ayuso [this message]
2017-03-29 21:39 ` [PATCH 0/8] Netfilter fixes for net David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1490789650-7294-9-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).