netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails

Check if nf_ct_netns_get() fails then release the limit object previously allocated via kmalloc(). Fixes: 37f319f3 ("netfilter: nft_connlimit: move stateful fields out of expression data") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails
Check if nf_ct_netns_get() fails then release the limit object previously allocated via kmalloc(). Fixes: 37f319f3 ("netfilter: nft_connlimit: move stateful fields out of expression data") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
7d70984a · Pablo Neira Ayuso · fe75e84a · 7d70984a
Commit 7d70984a authored Jan 13, 2022 by Pablo Neira Ayuso
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletion

net/netfilter/nft_connlimit.c net/netfilter/nft_connlimit.c +10 -1

No files found.
--- a/net/netfilter/nft_connlimit.c
+++ b/net/netfilter/nft_connlimit.c
@@ -62,6 +62,7 @@ static int nft_connlimit_do_init(const struct nft_ctx *ctx,
 {
 	bool invert = false;
 	u32 flags, limit;
+	int err;

 	if (!tb[NFTA_CONNLIMIT_COUNT])
 		return -EINVAL;
@@ -84,7 +85,15 @@ static int nft_connlimit_do_init(const struct nft_ctx *ctx,
 	priv->limit	= limit;
 	priv->invert	= invert;

-	return nf_ct_netns_get(ctx->net, ctx->family);
+	err = nf_ct_netns_get(ctx->net, ctx->family);
+	if (err < 0)
+		goto err_netns;
+
+	return 0;
+err_netns:
+	kfree(priv->list);
+
+	return err;
 }

 static void nft_connlimit_do_destroy(const struct nft_ctx *ctx,