
Commit 590025a

Liping Zhang authored and ummakynes committed
netfilter: nft_ct: fix unpaired nf_connlabels_get/put call
We only get nf_connlabels if the user adds a ct label set expr successfully, but we also put nf_connlabels if the user deletes a ct label get expr. This is mismatched, and causes the ct label expr to not work properly. Also, if initialising something fails, we should put nf_connlabels back. Otherwise, we may waste memory on an allocation that will never be used. Signed-off-by: Liping Zhang <[email protected]> Acked-by: Florian Westphal <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent f4dc777 commit 590025a


1 file changed

+19
-6
lines changed


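--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -366,6 +366,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
 const struct nlattr * const tb[])
 {
 struct nft_ct *priv = nft_expr_priv(expr);
+bool label_got = false;
 unsigned int len;
 int err;
 
@@ -384,6 +385,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
 err = nf_connlabels_get(ctx->net, (len * BITS_PER_BYTE) - 1);
 if (err)
 return err;
+label_got = true;
 break;
 #endif
 default:
@@ -393,17 +395,28 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
 priv->sreg = nft_parse_register(tb[NFTA_CT_SREG]);
 err = nft_validate_register_load(priv->sreg, len);
 if (err < 0)
-return err;
+goto err1;
 
 err = nft_ct_l3proto_try_module_get(ctx->afi->family);
 if (err < 0)
-return err;
+goto err1;
 
 return 0;
+
+err1:
+if (label_got)
+nf_connlabels_put(ctx->net);
+return err;
+}
+
+static void nft_ct_get_destroy(const struct nft_ctx *ctx,
+const struct nft_expr *expr)
+{
+nft_ct_l3proto_module_put(ctx->afi->family);
 }
 
-static void nft_ct_destroy(const struct nft_ctx *ctx,
-const struct nft_expr *expr)
+static void nft_ct_set_destroy(const struct nft_ctx *ctx,
+const struct nft_expr *expr)
 {
 struct nft_ct *priv = nft_expr_priv(expr);
 
@@ -475,7 +488,7 @@ static const struct nft_expr_ops nft_ct_get_ops = {
 .size = NFT_EXPR_SIZE(sizeof(struct nft_ct)),
 .eval = nft_ct_get_eval,
 .init = nft_ct_get_init,
-.destroy = nft_ct_destroy,
+.destroy = nft_ct_get_destroy,
 .dump = nft_ct_get_dump,
 };
 
@@ -484,7 +497,7 @@ static const struct nft_expr_ops nft_ct_set_ops = {
 .size = NFT_EXPR_SIZE(sizeof(struct nft_ct)),
 .eval = nft_ct_set_eval,
 .init = nft_ct_set_init,
-.destroy = nft_ct_destroy,
+.destroy = nft_ct_set_destroy,
 .dump = nft_ct_set_dump,
 };
 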
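Review bot: The new `err1:` unwind in nft_ct_set_init has no comment saying why it releases the connlabel reference itself instead of leaving that to nft_ct_set_destroy, which is the non-obvious part of this fix; a one-line comment such as `/* .destroy is not invoked when .init fails, so undo the nf_connlabels_get taken above */` above `if (label_got)` would make the get/put pairing visible to the next reader. The `label_got` flag appears to duplicate what `priv->key` already records, but it keeps the CONFIG_NF_CONNTRACK_LABELS ifdef confined to the switch rather than repeating it in the unwind path; that reasoning is worth stating at the declaration, e.g. `bool label_got = false; /* nf_connlabels_get succeeded; only set under CONFIG_NF_CONNTRACK_LABELS */`. The body of nft_ct_set_destroy continues outside the hunk, so whether the normal teardown path puts the label reference for NFT_CT_LABELS keys cannot be confirmed from what is visible here.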
