Message ID | 1466428305-58285-1-git-send-email-zlpnobody@163.com |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
On Mon, Jun 20, 2016 at 09:11:45PM +0800, Liping Zhang wrote: > From: Liping Zhang <liping.zhang@spreadtrum.com> > > If expr init fails then we need to free it. > > So when the user add a nft rule as follows: > # nft add rule filter input tcp dport 22 flow table ssh \ > { ip saddr limit rate 0/second } > memory leak will happen. Applied to nf, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 2c88187..cf7c745 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1724,9 +1724,11 @@ struct nft_expr *nft_expr_init(const struct nft_ctx *ctx, err = nf_tables_newexpr(ctx, &info, expr); if (err < 0) - goto err2; + goto err3; return expr; +err3: + kfree(expr); err2: module_put(info.ops->type->owner); err1: