Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 076d281e authored by Florian Westphal's avatar Florian Westphal Committed by Greg Kroah-Hartman
Browse files

netfilter: nft_socket: fix sk refcount leaks 



commit 8b26ff7af8c32cb4148b3e147c52f9e4c695209c upstream.

We must put 'sk' reference before returning.

Fixes: 039b1f4f ("netfilter: nft_socket: fix erroneous socket assignment")
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent e49e994c

net/netfilter/nft_socket.c

+2 −1
Original line number Diff line number Diff line
@@ -69,7 +69,7 @@ static void nft_socket_eval(const struct nft_expr *expr, 
			*dest = sk->sk_mark;

		} else {

			regs->verdict.code = NFT_BREAK;

			return;

			goto out_put_sk;

		}

		break;

	default:
@@ -77,6 +77,7 @@ static void nft_socket_eval(const struct nft_expr *expr, 
		regs->verdict.code = NFT_BREAK;

	}



out_put_sk:

	if (sk != skb->sk)

		sock_gen_put(sk);

}