From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: [PATCH 11/18] netfilter: Fix memory leak in nf_register_net_hook Date: Tue, 4 Aug 2015 12:02:41 +0200 Message-ID: <1438682568-8346-12-git-send-email-pablo@netfilter.org> References: <1438682568-8346-1-git-send-email-pablo@netfilter.org> Cc: davem@davemloft.net, netdev@vger.kernel.org To: netfilter-devel@vger.kernel.org Return-path: Received: from mail.us.es ([193.147.175.20]:56065 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933136AbbHDJ5f (ORCPT ); Tue, 4 Aug 2015 05:57:35 -0400 In-Reply-To: <1438682568-8346-1-git-send-email-pablo@netfilter.org> Sender: netfilter-devel-owner@vger.kernel.org List-ID: From: "Eric W. Biederman" In the rare case that when it is a attempted to use a per network device netfilter hook and the network device does not exist the newly allocated structure can leak. Be a good citizen and free the newly allocated structure in the error handling code. Fixes: 085db2c04557 ("netfilter: Per network namespace netfilter hooks.") Reported-by: kbuild@01.org Reported-by: Dan Carpenter Signed-off-by: "Eric W. Biederman" Signed-off-by: Pablo Neira Ayuso --- net/netfilter/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 6896cee..87d237d 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -96,8 +96,10 @@ int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg) new->priority = reg->priority; nf_hook_list = find_nf_hook_list(net, reg); - if (!nf_hook_list) + if (!nf_hook_list) { + kfree(new); return -ENOENT; + } mutex_lock(&nf_hook_mutex); list_for_each_entry(elem, nf_hook_list, list) { -- 1.7.10.4
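Review bot: In the `if (!nf_hook_list)` branch, the added `kfree(new)` is only needed because `find_nf_hook_list(net, reg)` is called after `new` has been allocated and filled in. The lookup takes only `net` and `reg`, so it could run before the allocation and return -ENOENT with nothing to free, which removes the alloc-then-free on the failure path. If the current order is kept, a single error label that frees `new` would stop a later early return added above `mutex_lock(&nf_hook_mutex)` from reintroducing the leak. The hunk shows only this one exit between the `new->priority` assignment and the lock, so any other return paths after the allocation, outside the visible context, need the same check.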