From patchwork Mon Mar 16 13:40:13 2015
X-Patchwork-Submitter: Sergey Popovich
X-Patchwork-Id: 450582
X-Patchwork-Delegate: kadlec@blackhole.kfki.hu
From: Sergey Popovich
To: netfilter-devel@vger.kernel.org, popovich_sergei@mail.ru
Subject: netfilter: ipset: Destroy extensions before moving non-last entry
Date: Mon, 16 Mar 2015 15:40:13 +0200
X-Mailer: git-send-email 1.7.10.4
Sender: netfilter-devel-owner@vger.kernel.org
X-Mailing-List: netfilter-devel@vger.kernel.org

If a set is created with the comment extension, we should destroy it prior to reusing the removed entry slot. Otherwise we are freeing the valid entry's comment string and leaking the one in the removed entry.

Signed-off-by: Sergey Popovich

--- net/netfilter/ipset/ip_set_hash_gen.h | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index c55bbbf..7122cd8 100644 --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h @@ -751,19 +751,18 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext, if (SET_WITH_TIMEOUT(set) && ip_set_timeout_expired(ext_timeout(data, set))) goto out; - if (i != n->pos - 1) - /* Not last one */ - memcpy(data, ahash_data(n, n->pos - 1, set->dsize), - set->dsize); - - n->pos--; - h->elements--; #ifdef IP_SET_HASH_WITH_NETS for (j = 0; j < IPSET_NET_COUNT; j++) mtype_del_cidr(h, SCIDR(d->cidr, j), NLEN(set->family), j); #endif ip_set_ext_destroy(set, data); + if (i != n->pos - 1) + /* Not last one */ + memcpy(data, ahash_data(n, n->pos - 1, set->dsize), + set->dsize); + n->pos--; + h->elements--; if (n->pos + AHASH_INIT_SIZE < n->size) { void *tmp = kzalloc((n->size - AHASH_INIT_SIZE) * set->dsize,
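
Review bot: In mtype_del(), the placement of ip_set_ext_destroy(set, data) ahead of the "Not last one" memcpy is now what keeps the moved entry's extensions from being freed, but nothing in the added lines records that the order matters. A one-line comment above the call, for example "/* Destroy extensions before the slot is overwritten by the last entry */", would stop a later cleanup from regrouping the memcpy with the bookkeeping again and restoring the free-of-a-live-comment and leak described in the commit message. A second point on the same lines: after the memcpy, the slot at the old n->pos - 1 still holds a byte copy of the moved entry, extension pointers included, and only n->pos-- takes it out of use. It is worth confirming that no path (including the shrink branch that starts at the kzalloc below) calls ip_set_ext_destroy on slots at or beyond n->pos, or zeroing that tail slot after the copy so a stale pointer cannot be destroyed twice.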