[NETFILTER]: Fix double free after netlink_unicast() in ctnetlink (0f81eb4d) · Commits · e / devices / android_kernel_xiaomi_markw

net/ipv4/netfilter/ip_conntrack_netlink.c

+7 −12

Original line number	Diff line number	Diff line
		@@ -815,7 +815,7 @@ ctnetlink_get_conntrack(struct sock ctnl, struct sk_buff skb,
		IPCTNL_MSG_CT_NEW, 1, ct);
		ip_conntrack_put(ct);
		if (err <= 0)
		goto out;
		goto free;

		err = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
		if (err < 0)
		@@ -824,9 +824,9 @@ ctnetlink_get_conntrack(struct sock ctnl, struct sk_buff skb,
		DEBUGP("leaving\n");
		return 0;

		out:
		if (skb2)
		free:
		kfree_skb(skb2);
		out:
		return -1;
		}

		@@ -1322,21 +1322,16 @@ ctnetlink_get_expect(struct sock ctnl, struct sk_buff skb,
		nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW,
		1, exp);
		if (err <= 0)
		goto out;
		goto free;

		ip_conntrack_expect_put(exp);

		err = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
		if (err < 0)
		goto free;

		return err;
		return netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);

		out:
		ip_conntrack_expect_put(exp);
		free:
		if (skb2)
		kfree_skb(skb2);
		out:
		ip_conntrack_expect_put(exp);
		return err;
		}