Commit e317fa50 authored Jul 18, 2015 by Eric W. Biederman Committed by Pablo Neira Ayuso Jul 20, 2015

netfilter: Fix memory leak in nf_register_net_hook



In the rare case that when it is a attempted to use a per network device
netfilter hook and the network device does not exist the newly allocated
structure can leak.

Be a good citizen and free the newly allocated structure in the error
handling code.

Fixes: 085db2c0 ("netfilter: Per network namespace netfilter hooks.")
Reported-by:  <kbuild@01.org>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 6c7941de

net/netfilter/core.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -96,8 +96,10 @@ int nf_register_net_hook(struct net net, const struct nf_hook_ops reg)
		new->priority = reg->priority;

		nf_hook_list = find_nf_hook_list(net, reg);
		if (!nf_hook_list)
		if (!nf_hook_list) {
		kfree(new);
		return -ENOENT;
		}

		mutex_lock(&nf_hook_mutex);
		list_for_each_entry(elem, nf_hook_list, list) {