|
 |
168a1c |
From a79e92c0f6761a748ef3cbffd26a4f1db82b4b3e Mon Sep 17 00:00:00 2001
|
|
|
168a1c |
From: Phil Sutter <phil@nwl.cc>
|
|
|
168a1c |
Date: Fri, 11 Jun 2021 16:07:02 +0200
|
|
|
168a1c |
Subject: [PATCH] parser_json: Fix for memleak in tcp option error path
|
|
|
168a1c |
|
|
|
168a1c |
If 'kind' value is invalid, the function returned without freeing 'expr'
|
|
|
168a1c |
first. Fix this by performing the check before allocation.
|
|
|
168a1c |
|
|
|
168a1c |
Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
|
|
|
168a1c |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
168a1c |
(cherry picked from commit f7b0eef8391ae7f89a3a82f6eeecaebe199224d7)
|
|
|
168a1c |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
168a1c |
---
|
|
|
168a1c |
src/parser_json.c | 6 +++---
|
|
|
168a1c |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
168a1c |
|
|
|
168a1c |
diff --git a/src/parser_json.c b/src/parser_json.c
|
|
|
168a1c |
index f0486b77a225a..85d05ce27eef3 100644
|
|
|
168a1c |
--- a/src/parser_json.c
|
|
|
168a1c |
+++ b/src/parser_json.c
|
|
|
168a1c |
@@ -611,12 +611,12 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
|
|
|
168a1c |
"base", &kind, "offset", &offset, "len", &len)) {
|
|
|
168a1c |
uint32_t flag = 0;
|
|
|
168a1c |
|
|
|
168a1c |
- expr = tcpopt_expr_alloc(int_loc, kind,
|
|
|
168a1c |
- TCPOPT_COMMON_KIND);
|
|
|
168a1c |
-
|
|
|
168a1c |
if (kind < 0 || kind > 255)
|
|
|
168a1c |
return NULL;
|
|
|
168a1c |
|
|
|
168a1c |
+ expr = tcpopt_expr_alloc(int_loc, kind,
|
|
|
168a1c |
+ TCPOPT_COMMON_KIND);
|
|
|
168a1c |
+
|
|
|
168a1c |
if (offset == TCPOPT_COMMON_KIND && len == 8)
|
|
|
168a1c |
flag = NFT_EXTHDR_F_PRESENT;
|
|
|
168a1c |
|
|
|
168a1c |
--
|
|
|
168a1c |
2.31.1
|
|
|
168a1c |
|