Blame SOURCES/0008-nft-Avoid-memleak-in-error-path-of-nft_cmd_new.patch
|
 |
3a00e5 |
From c5188cd7e1b2d54a63dac25b6f84f2ab26f7b8fc Mon Sep 17 00:00:00 2001
|
|
|
3a00e5 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
3a00e5 |
Date: Wed, 2 Jun 2021 11:55:20 +0200
|
|
|
3a00e5 |
Subject: [PATCH] nft: Avoid memleak in error path of nft_cmd_new()
|
|
|
3a00e5 |
|
|
|
3a00e5 |
If rule allocation fails, free the allocated 'cmd' before returning to
|
|
|
3a00e5 |
caller.
|
|
|
3a00e5 |
|
|
|
3a00e5 |
Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
|
|
|
3a00e5 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
3a00e5 |
(cherry picked from commit eab75ed36a4f204ddab0c40ba42c5a300634d5c3)
|
|
|
3a00e5 |
---
|
|
|
3a00e5 |
iptables/nft-cmd.c | 4 +++-
|
|
|
3a00e5 |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
3a00e5 |
|
|
|
3a00e5 |
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
|
|
|
3a00e5 |
index 5d33f1f00f574..9b0c964847615 100644
|
|
|
3a00e5 |
--- a/iptables/nft-cmd.c
|
|
|
3a00e5 |
+++ b/iptables/nft-cmd.c
|
|
|
3a00e5 |
@@ -35,8 +35,10 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
|
|
|
3a00e5 |
|
|
|
3a00e5 |
if (state) {
|
|
|
3a00e5 |
rule = nft_rule_new(h, chain, table, state);
|
|
|
3a00e5 |
- if (!rule)
|
|
|
3a00e5 |
+ if (!rule) {
|
|
|
3a00e5 |
+ nft_cmd_free(cmd);
|
|
|
3a00e5 |
return NULL;
|
|
|
3a00e5 |
+ }
|
|
|
3a00e5 |
|
|
|
3a00e5 |
cmd->obj.rule = rule;
|
|
|
3a00e5 |
|
|
|
3a00e5 |
--
|
|
|
3a00e5 |
2.31.1
|
|
|
3a00e5 |
|