[nft,1/4] netlink: Fix leak in unterminated string deserializer

Message ID 20200120162540.9699-2-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Series Fixes for a recent covscan run

Commit Message

Phil Sutter Jan. 20, 2020, 4:25 p.m. UTC
Allocated 'mask' expression is not freed before returning to caller,
although it is used temporarily only.

Fixes: b851ba4731d9f ("src: add interface wildcard matching")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/netlink_delinearize.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Pablo Neira Ayuso Jan. 21, 2020, 12:55 p.m. UTC | #1
On Mon, Jan 20, 2020 at 05:25:37PM +0100, Phil Sutter wrote:
> Allocated 'mask' expression is not freed before returning to caller,
> although it is used temporarily only.
> 
> Fixes: b851ba4731d9f ("src: add interface wildcard matching")
> Signed-off-by: Phil Sutter <phil@nwl.cc>

Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

Patch

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 154353b8161a0..06a0312b9921a 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2030,7 +2030,7 @@  static bool __expr_postprocess_string(struct expr **exprp)
 
 static struct expr *expr_postprocess_string(struct expr *expr)
 {
-	struct expr *mask;
+	struct expr *mask, *out;
 
 	assert(expr_basetype(expr)->type == TYPE_STRING);
 	if (__expr_postprocess_string(&expr))
@@ -2040,7 +2040,9 @@  static struct expr *expr_postprocess_string(struct expr *expr)
 				   BYTEORDER_HOST_ENDIAN,
 				   expr->len + BITS_PER_BYTE, NULL);
 	mpz_init_bitmask(mask->value, expr->len);
-	return string_wildcard_expr_alloc(&expr->location, mask, expr);
+	out = string_wildcard_expr_alloc(&expr->location, mask, expr);
+	expr_free(mask);
+	return out;
 }
 
 static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
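
Review bot: the new `expr_free(mask)` placed right after `string_wildcard_expr_alloc(&expr->location, mask, expr)` is only safe if that helper does not keep a pointer to `mask` in the expression it returns, and nothing in this hunk shows that contract. The commit message says the mask is "used temporarily only", so a short comment above the free stating that the helper does not take ownership of `mask` would protect against a later change to the helper turning this into a use-after-free or double free. Note also that `expr` goes into the same call and is not released here, so the two arguments have different ownership rules; that asymmetry is worth spelling out in the same comment.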