Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c2d9a429 authored by Liping Zhang's avatar Liping Zhang Committed by Pablo Neira Ayuso
Browse files

netfilter: nft_log: fix possible memory leak if log expr init fail 



Suppose that we specify the NFTA_LOG_PREFIX, then NFTA_LOG_LEVEL
and NFTA_LOG_GROUP are specified together or nf_logger_find_get
call returns fail, i.e. expr init fail, memory leak will happen.

Signed-off-by: default avatarLiping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 82de0be6

net/netfilter/nft_log.c

+18 −8
Original line number Diff line number Diff line
@@ -52,6 +52,14 @@ static int nft_log_init(const struct nft_ctx *ctx, 
	struct nft_log *priv = nft_expr_priv(expr);

	struct nf_loginfo *li = &priv->loginfo;

	const struct nlattr *nla;

	int err;



	li->type = NF_LOG_TYPE_LOG;

	if (tb[NFTA_LOG_LEVEL] != NULL &&

	    tb[NFTA_LOG_GROUP] != NULL)

		return -EINVAL;

	if (tb[NFTA_LOG_GROUP] != NULL)

		li->type = NF_LOG_TYPE_ULOG;



	nla = tb[NFTA_LOG_PREFIX];

	if (nla != NULL) {
@@ -63,13 +71,6 @@ static int nft_log_init(const struct nft_ctx *ctx, 
		priv->prefix = (char *)nft_log_null_prefix;

	}



	li->type = NF_LOG_TYPE_LOG;

	if (tb[NFTA_LOG_LEVEL] != NULL &&

	    tb[NFTA_LOG_GROUP] != NULL)

		return -EINVAL;

	if (tb[NFTA_LOG_GROUP] != NULL)

		li->type = NF_LOG_TYPE_ULOG;



	switch (li->type) {

	case NF_LOG_TYPE_LOG:

		if (tb[NFTA_LOG_LEVEL] != NULL) {
@@ -96,7 +97,16 @@ static int nft_log_init(const struct nft_ctx *ctx, 
		break;

	}



	return nf_logger_find_get(ctx->afi->family, li->type);

	err = nf_logger_find_get(ctx->afi->family, li->type);

	if (err < 0)

		goto err1;



	return 0;



err1:

	if (priv->prefix != nft_log_null_prefix)

		kfree(priv->prefix);

	return err;

}



static void nft_log_destroy(const struct nft_ctx *ctx,