Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 64507fdb authored by Eric Dumazet's avatar Eric Dumazet Committed by Patrick McHardy
Browse files

netfilter: nf_queue: fix NF_STOLEN skb leak 



commit 3bc38712 (handle NF_STOP and unknown verdicts in
nf_reinject) was a partial fix to packet leaks.

If user asks NF_STOLEN status, we must free the skb as well.

Reported-by: default avatarAfi Gjermund <afigjermund@gmail.com>
Signed-off-by: default avatarEric DUmazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent a88e22ad

net/netfilter/nf_queue.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -265,7 +265,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) 
		local_bh_disable();

		local_bh_disable();

		entry->okfn(skb);

		entry->okfn(skb);

		local_bh_enable();

		local_bh_enable();

	case NF_STOLEN:

		break;

		break;

	case NF_QUEUE:

	case NF_QUEUE:

		if (!__nf_queue(skb, elem, entry->pf, entry->hook,

		if (!__nf_queue(skb, elem, entry->pf, entry->hook,
@@ -273,6 +272,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) 
				verdict >> NF_VERDICT_BITS))

				verdict >> NF_VERDICT_BITS))

			goto next_hook;

			goto next_hook;

		break;

		break;

	case NF_STOLEN:

	default:

	default:

		kfree_skb(skb);

		kfree_skb(skb);

	}

	}