@@ -751,19 +751,18 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,
if (SET_WITH_TIMEOUT(set) &&
ip_set_timeout_expired(ext_timeout(data, set)))
goto out;
- if (i != n->pos - 1)
- /* Not last one */
- memcpy(data, ahash_data(n, n->pos - 1, set->dsize),
- set->dsize);
-
- n->pos--;
- h->elements--;
#ifdef IP_SET_HASH_WITH_NETS
for (j = 0; j < IPSET_NET_COUNT; j++)
mtype_del_cidr(h, SCIDR(d->cidr, j), NLEN(set->family),
j);
#endif
ip_set_ext_destroy(set, data);
+ if (i != n->pos - 1)
+ /* Not last one */
+ memcpy(data, ahash_data(n, n->pos - 1, set->dsize),
+ set->dsize);
+ n->pos--;
+ h->elements--;
if (n->pos + AHASH_INIT_SIZE < n->size) {
void *tmp = kzalloc((n->size - AHASH_INIT_SIZE)
* set->dsize,
If set created with comment extension we should destroy it prior to reusing removed entry slot. Overwise we freeing valid entry comment string and leaking one in removed entry. Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> --- net/netfilter/ipset/ip_set_hash_gen.h | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-)