netfilter: nf_conntrack: fix memory leak if sysctl registration fails

In nf_ct_l4proto_register_sysctl, if l4proto sysctl registration fails, we have to make sure that we release the compat sysctl table. This can happen if TCP has been registered compat for IPv4, and IPv6 compat registration fails. Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_conntrack: fix memory leak if sysctl registration fails
In nf_ct_l4proto_register_sysctl, if l4proto sysctl registration fails, we have to make sure that we release the compat sysctl table. This can happen if TCP has been registered compat for IPv4, and IPv6 compat registration fails. Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
12c26df3 · Gao feng · Pablo Neira Ayuso · fa34fff5 · 12c26df3
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

net/netfilter/nf_conntrack_proto.c net/netfilter/nf_conntrack_proto.c +5 -2

未找到文件。
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -341,11 +341,14 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
 				kfree(pn->ctl_table);
 				pn->ctl_table = NULL;
 			}
-			goto out;
 		}
 	}
 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
 	if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) {
+		if (err < 0) {
+			nf_ct_kfree_compat_sysctl_table(pn);
+			goto out;
+		}
 		err = nf_ct_register_sysctl(net,
 					    &pn->ctl_compat_header,
 					    "net/ipv4/netfilter",
@@ -358,8 +361,8 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
 					&pn->ctl_table,
 					pn->users);
 	}
-#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 out:
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif /* CONFIG_SYSCTL */
 	return err;
 }