Message ID | 20200330003708.54017-5-pablo@netfilter.org |
---|---|
State | Changes Requested |
Delegated to: | Pablo Neira |
Headers | show
Return-Path: <netfilter-devel-owner@vger.kernel.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48rD7Q5RvDz9sPF for <incoming@patchwork.ozlabs.org>; Mon, 30 Mar 2020 11:37:22 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727941AbgC3AhW (ORCPT <rfc822;incoming@patchwork.ozlabs.org>); Sun, 29 Mar 2020 20:37:22 -0400 Received: from correo.us.es ([193.147.175.20]:57146 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727889AbgC3AhV (ORCPT <rfc822; netfilter-devel@vger.kernel.org>); Sun, 29 Mar 2020 20:37:21 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id D47D1EF435 for <netfilter-devel@vger.kernel.org>; Mon, 30 Mar 2020 02:37:18 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id C5C97100A52 for <netfilter-devel@vger.kernel.org>; Mon, 30 Mar 2020 02:37:18 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id BAC20DA736; Mon, 30 Mar 2020 02:37:18 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id DE763DA736; Mon, 30 Mar 2020 02:37:16 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Mon, 30 Mar 2020 02:37:16 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (unknown [90.77.255.23]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id AFA0542EF42A; Mon, 30 Mar 2020 02:37:16 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 04/26] netfilter: nf_tables: fix double-free on set expression from the error path Date: Mon, 30 Mar 2020 02:36:46 +0200 Message-Id: <20200330003708.54017-5-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20200330003708.54017-1-pablo@netfilter.org> References: <20200330003708.54017-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: <netfilter-devel.vger.kernel.org> X-Mailing-List: netfilter-devel@vger.kernel.org |
Series |
[01/26] netfilter: nf_tables: move nft_expr_clone() to nf_tables_api.c
|
expand
|
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index f1910cd795fd..29ad33e52dbb 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5133,6 +5133,7 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, if (expr) { memcpy(nft_set_ext_expr(ext), expr, expr->ops->size); kfree(expr); + expr = NULL; } trans = nft_trans_elem_alloc(ctx, NFT_MSG_NEWSETELEM, set);
After copying the expression to the set element extension, release the expression and reset the pointer to avoid a double-free from the error path. Fixes: 409444522976 ("netfilter: nf_tables: add elements with stateful expressions") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/nf_tables_api.c | 1 + 1 file changed, 1 insertion(+)