Blame SOURCES/0065-parser_json-Fix-for-memleak-in-tcp-option-error-path.patch

bfbb76
From 99d51194569f2784261f452ee821c42c3a7a6808 Mon Sep 17 00:00:00 2001
bfbb76
From: Phil Sutter <psutter@redhat.com>
bfbb76
Date: Wed, 6 Oct 2021 17:32:04 +0200
bfbb76
Subject: [PATCH] parser_json: Fix for memleak in tcp option error path
bfbb76
bfbb76
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999059
bfbb76
Upstream Status: nftables commit f7b0eef8391ae
bfbb76
bfbb76
commit f7b0eef8391ae7f89a3a82f6eeecaebe199224d7
bfbb76
Author: Phil Sutter <phil@nwl.cc>
bfbb76
Date:   Fri Jun 11 16:07:02 2021 +0200
bfbb76
bfbb76
    parser_json: Fix for memleak in tcp option error path
bfbb76
bfbb76
    If 'kind' value is invalid, the function returned without freeing 'expr'
bfbb76
    first. Fix this by performing the check before allocation.
bfbb76
bfbb76
    Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
bfbb76
    Signed-off-by: Phil Sutter <phil@nwl.cc>
bfbb76
---
bfbb76
 src/parser_json.c | 6 +++---
bfbb76
 1 file changed, 3 insertions(+), 3 deletions(-)
bfbb76
bfbb76
diff --git a/src/parser_json.c b/src/parser_json.c
bfbb76
index ef4d4fb..2250be9 100644
bfbb76
--- a/src/parser_json.c
bfbb76
+++ b/src/parser_json.c
bfbb76
@@ -610,12 +610,12 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
bfbb76
 			"base", &kind, "offset", &offset, "len", &len)) {
bfbb76
 		uint32_t flag = 0;
bfbb76
 
bfbb76
-		expr = tcpopt_expr_alloc(int_loc, kind,
bfbb76
-					 TCPOPT_COMMON_KIND);
bfbb76
-
bfbb76
 		if (kind < 0 || kind > 255)
bfbb76
 			return NULL;
bfbb76
 
bfbb76
+		expr = tcpopt_expr_alloc(int_loc, kind,
bfbb76
+					 TCPOPT_COMMON_KIND);
bfbb76
+
bfbb76
 		if (offset == TCPOPT_COMMON_KIND && len == 8)
bfbb76
 			flag = NFT_EXTHDR_F_PRESENT;
bfbb76
 
bfbb76
-- 
bfbb76
2.31.1
bfbb76