提交 71c3ebfd 编写于 作者: J Julia Lawall 提交者: Patrick McHardy

netfilter: SNMP NAT: correct the size argument to kzalloc

obj has type struct snmp_object **, not struct snmp_object *.  But indeed
it is not even clear why kmalloc is needed.  The memory is freed by the end
of the function, so the local variable of pointer type should be sufficient.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@disable sizeof_type_expr@
type T;
T **x;
@@

  x =
  <+...sizeof(
- T
+ *x
  )...+>
// </smpl>
Signed-off-by: NJulia Lawall <julia@diku.dk>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
上级 ceba0b29
...@@ -1038,7 +1038,7 @@ static int snmp_parse_mangle(unsigned char *msg, ...@@ -1038,7 +1038,7 @@ static int snmp_parse_mangle(unsigned char *msg,
unsigned int cls, con, tag, vers, pdutype; unsigned int cls, con, tag, vers, pdutype;
struct asn1_ctx ctx; struct asn1_ctx ctx;
struct asn1_octstr comm; struct asn1_octstr comm;
struct snmp_object **obj; struct snmp_object *obj;
if (debug > 1) if (debug > 1)
hex_dump(msg, len); hex_dump(msg, len);
...@@ -1148,43 +1148,34 @@ static int snmp_parse_mangle(unsigned char *msg, ...@@ -1148,43 +1148,34 @@ static int snmp_parse_mangle(unsigned char *msg,
if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
return 0; return 0;
obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC);
if (obj == NULL) {
if (net_ratelimit())
printk(KERN_WARNING "OOM in bsalg(%d)\n", __LINE__);
return 0;
}
while (!asn1_eoc_decode(&ctx, eoc)) { while (!asn1_eoc_decode(&ctx, eoc)) {
unsigned int i; unsigned int i;
if (!snmp_object_decode(&ctx, obj)) { if (!snmp_object_decode(&ctx, &obj)) {
if (*obj) { if (obj) {
kfree((*obj)->id); kfree(obj->id);
kfree(*obj);
}
kfree(obj); kfree(obj);
}
return 0; return 0;
} }
if (debug > 1) { if (debug > 1) {
printk(KERN_DEBUG "bsalg: object: "); printk(KERN_DEBUG "bsalg: object: ");
for (i = 0; i < (*obj)->id_len; i++) { for (i = 0; i < obj->id_len; i++) {
if (i > 0) if (i > 0)
printk("."); printk(".");
printk("%lu", (*obj)->id[i]); printk("%lu", obj->id[i]);
} }
printk(": type=%u\n", (*obj)->type); printk(": type=%u\n", obj->type);
} }
if ((*obj)->type == SNMP_IPADDR) if (obj->type == SNMP_IPADDR)
mangle_address(ctx.begin, ctx.pointer - 4 , map, check); mangle_address(ctx.begin, ctx.pointer - 4 , map, check);
kfree((*obj)->id); kfree(obj->id);
kfree(*obj);
}
kfree(obj); kfree(obj);
}
if (!asn1_eoc_decode(&ctx, eoc)) if (!asn1_eoc_decode(&ctx, eoc))
return 0; return 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册