Blame SOURCES/0065-parser_json-Fix-for-memleak-in-tcp-option-error-path.patch

252916
From 99d51194569f2784261f452ee821c42c3a7a6808 Mon Sep 17 00:00:00 2001
252916
From: Phil Sutter <psutter@redhat.com>
252916
Date: Wed, 6 Oct 2021 17:32:04 +0200
252916
Subject: [PATCH] parser_json: Fix for memleak in tcp option error path
252916
252916
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999059
252916
Upstream Status: nftables commit f7b0eef8391ae
252916
252916
commit f7b0eef8391ae7f89a3a82f6eeecaebe199224d7
252916
Author: Phil Sutter <phil@nwl.cc>
252916
Date:   Fri Jun 11 16:07:02 2021 +0200
252916
252916
    parser_json: Fix for memleak in tcp option error path
252916
252916
    If 'kind' value is invalid, the function returned without freeing 'expr'
252916
    first. Fix this by performing the check before allocation.
252916
252916
    Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
252916
    Signed-off-by: Phil Sutter <phil@nwl.cc>
252916
---
252916
 src/parser_json.c | 6 +++---
252916
 1 file changed, 3 insertions(+), 3 deletions(-)
252916
252916
diff --git a/src/parser_json.c b/src/parser_json.c
252916
index ef4d4fb..2250be9 100644
252916
--- a/src/parser_json.c
252916
+++ b/src/parser_json.c
252916
@@ -610,12 +610,12 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
252916
 			"base", &kind, "offset", &offset, "len", &len)) {
252916
 		uint32_t flag = 0;
252916
 
252916
-		expr = tcpopt_expr_alloc(int_loc, kind,
252916
-					 TCPOPT_COMMON_KIND);
252916
-
252916
 		if (kind < 0 || kind > 255)
252916
 			return NULL;
252916
 
252916
+		expr = tcpopt_expr_alloc(int_loc, kind,
252916
+					 TCPOPT_COMMON_KIND);
252916
+
252916
 		if (offset == TCPOPT_COMMON_KIND && len == 8)
252916
 			flag = NFT_EXTHDR_F_PRESENT;
252916
 
252916
-- 
252916
2.31.1
252916