From patchwork Tue Aug 18 00:04:04 2015
X-Patchwork-Submitter: Pablo Neira Ayuso
X-Patchwork-Id: 508145
X-Patchwork-Delegate: pablo@netfilter.org
From: Pablo Neira Ayuso
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [PATCH libnftnl] expr: immediate: fix leak in expression destroy path
Date: Tue, 18 Aug 2015 02:04:04 +0200
Message-Id: <1439856244-10337-1-git-send-email-pablo@netfilter.org>

The verdict can be a chain string, make sure we release it when the expression is destroyed. This patch adds a new nft_free_data() for this purpose and uses it from the immediate expression.

Signed-off-by: Pablo Neira Ayuso
--- include/data_reg.h | 1 + src/expr/data_reg.c | 11 +++++++++++ src/expr/immediate.c | 9 +++++++++ 3 files changed, 21 insertions(+) diff --git a/include/data_reg.h b/include/data_reg.h index cf14988..e0fdd10 100644 --- a/include/data_reg.h +++ b/include/data_reg.h
@@ -28,5 +28,6 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg, struct nlattr; int nft_parse_data(union nft_data_reg *data, struct nlattr *attr, int *type); +void nft_free_verdict(union nft_data_reg *data); #endif diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index b5fbdf2..b375db4 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -499,3 +499,14 @@ int nft_parse_data(union nft_data_reg *data, struct nlattr *attr, int *type) return ret; } +void nft_free_verdict(union nft_data_reg *data) +{ + switch(data->verdict) { + case NFT_JUMP: + case NFT_GOTO: + xfree(data->chain); + break; + default: + break; + } +} diff --git a/src/expr/immediate.c b/src/expr/immediate.c index 692d9e9..cf06190 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -309,10 +309,19 @@ nft_rule_expr_immediate_snprintf(char *buf, size_t len, uint32_t type, return -1; } +static void nft_rule_expr_immediate_free(struct nft_rule_expr *e) +{ + struct nft_expr_immediate *imm = nft_expr_data(e); + + if (e->flags & (1 << NFT_EXPR_IMM_VERDICT)) + nft_free_verdict(&imm->data); +} + struct expr_ops expr_ops_immediate = { .name = "immediate", .alloc_len = sizeof(struct nft_expr_immediate), .max_attr = NFTA_IMMEDIATE_MAX, + .free = nft_rule_expr_immediate_free, .set = nft_rule_expr_immediate_set, .get = nft_rule_expr_immediate_get, .parse = nft_rule_expr_immediate_parse,
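Review bot: the prototype added in the include/data_reg.h hunk is nft_free_verdict(), but the commit message calls the new helper nft_free_data(); one of the two should change so the log matches the exported symbol. A one-line comment above the prototype saying that it releases the chain string of a jump/goto verdict would also help, since the name alone does not say what gets freed.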
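Review bot: in nft_free_verdict() in the src/expr/data_reg.c hunk, data->chain is left pointing at freed memory after xfree(data->chain). If the destroy path ever runs twice on the same register, or the register is read after the free, that turns into a double free or a use-after-free. Setting data->chain = NULL right after the xfree() is cheap insurance. The function also reads data->verdict from a union without any check of its own, so a short comment stating that callers must only pass a register that holds a verdict would document the contract. Style nit: "switch(data->verdict)" wants a space after the keyword.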
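Review bot: nft_rule_expr_immediate_free() in the src/expr/immediate.c hunk frees only when the NFT_EXPR_IMM_VERDICT bit is set in e->flags, and nft_free_verdict() then further requires the verdict value to be NFT_JUMP or NFT_GOTO. The set and parse paths are not part of this diff; if either of them can store a chain string while that flag bit is clear, or while the verdict holds another value, the string still leaks on destroy. Please confirm that cannot happen, or key the free on the same condition under which the chain was allocated.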