Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eaae4fa4 authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by David S. Miller
Browse files

[NETFILTER]: refcount leak of proto when ctnetlink dumping tuple 



Signed-off-by: default avatarYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 46998f59

net/ipv4/netfilter/ip_conntrack_netlink.c

+6 −3
Original line number Original line Diff line number Diff line
@@ -58,14 +58,17 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb, 
			    const struct ip_conntrack_tuple *tuple)

			    const struct ip_conntrack_tuple *tuple)

{

{

	struct ip_conntrack_protocol *proto;

	struct ip_conntrack_protocol *proto;

	int ret = 0;





	NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);

	NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);





	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);

	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);

	if (proto && proto->tuple_to_nfattr)

	if (likely(proto && proto->tuple_to_nfattr)) {

		return proto->tuple_to_nfattr(skb, tuple);

		ret = proto->tuple_to_nfattr(skb, tuple);

		ip_conntrack_proto_put(proto);

	}





	return 0;

	return ret;





nfattr_failure:

nfattr_failure:

	return -1;

	return -1;