|
 |
3730f4 |
From cc70f19e588a0a33ed86c4a059b56a8f5b0c7a82 Mon Sep 17 00:00:00 2001
|
|
|
3730f4 |
From: Phil Sutter <psutter@redhat.com>
|
|
|
3730f4 |
Date: Mon, 27 Jan 2020 16:11:41 +0100
|
|
|
3730f4 |
Subject: [PATCH] netlink: Fix leak in unterminated string deserializer
|
|
|
3730f4 |
|
|
|
3730f4 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1793030
|
|
|
3730f4 |
Upstream Status: nftables commit c3f6be3f2dced
|
|
|
3730f4 |
|
|
|
3730f4 |
commit c3f6be3f2dcedf6d79751c0b975315ebc3184364
|
|
|
3730f4 |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
3730f4 |
Date: Mon Jan 20 13:52:10 2020 +0100
|
|
|
3730f4 |
|
|
|
3730f4 |
netlink: Fix leak in unterminated string deserializer
|
|
|
3730f4 |
|
|
|
3730f4 |
Allocated 'mask' expression is not freed before returning to caller,
|
|
|
3730f4 |
although it is used temporarily only.
|
|
|
3730f4 |
|
|
|
3730f4 |
Fixes: b851ba4731d9f ("src: add interface wildcard matching")
|
|
|
3730f4 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
3730f4 |
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
3730f4 |
---
|
|
|
3730f4 |
src/netlink_delinearize.c | 6 ++++--
|
|
|
3730f4 |
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
|
3730f4 |
|
|
|
3730f4 |
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
|
|
|
3730f4 |
index 154353b..06a0312 100644
|
|
|
3730f4 |
--- a/src/netlink_delinearize.c
|
|
|
3730f4 |
+++ b/src/netlink_delinearize.c
|
|
|
3730f4 |
@@ -2030,7 +2030,7 @@ static bool __expr_postprocess_string(struct expr **exprp)
|
|
|
3730f4 |
|
|
|
3730f4 |
static struct expr *expr_postprocess_string(struct expr *expr)
|
|
|
3730f4 |
{
|
|
|
3730f4 |
- struct expr *mask;
|
|
|
3730f4 |
+ struct expr *mask, *out;
|
|
|
3730f4 |
|
|
|
3730f4 |
assert(expr_basetype(expr)->type == TYPE_STRING);
|
|
|
3730f4 |
if (__expr_postprocess_string(&expr))
|
|
|
3730f4 |
@@ -2040,7 +2040,9 @@ static struct expr *expr_postprocess_string(struct expr *expr)
|
|
|
3730f4 |
BYTEORDER_HOST_ENDIAN,
|
|
|
3730f4 |
expr->len + BITS_PER_BYTE, NULL);
|
|
|
3730f4 |
mpz_init_bitmask(mask->value, expr->len);
|
|
|
3730f4 |
- return string_wildcard_expr_alloc(&expr->location, mask, expr);
|
|
|
3730f4 |
+ out = string_wildcard_expr_alloc(&expr->location, mask, expr);
|
|
|
3730f4 |
+ expr_free(mask);
|
|
|
3730f4 |
+ return out;
|
|
|
3730f4 |
}
|
|
|
3730f4 |
|
|
|
3730f4 |
static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
|
|
|
3730f4 |
--
|
|
|
3730f4 |
1.8.3.1
|
|
|
3730f4 |
|