diff options
| author | Gao feng <gaofeng@cn.fujitsu.com> | 2012-06-21 04:36:42 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-06-27 18:55:22 +0200 |
| commit | 12c26df35eae52f14cf573a1adb85cedaa273d2b (patch) | |
| tree | c5a75e79d0bd95de70d1db4f5c8a4c3a5f6a73b8 /net/netfilter | |
| parent | fa34fff5e69cc56eecf26754c9b57403899ebd0d (diff) | |
| download | kernel_goldelico_gta04-12c26df35eae52f14cf573a1adb85cedaa273d2b.zip kernel_goldelico_gta04-12c26df35eae52f14cf573a1adb85cedaa273d2b.tar.gz kernel_goldelico_gta04-12c26df35eae52f14cf573a1adb85cedaa273d2b.tar.bz2 | |
netfilter: nf_conntrack: fix memory leak if sysctl registration fails
In nf_ct_l4proto_register_sysctl, if l4proto sysctl registration
fails, we have to make sure that we release the compat sysctl
table.
This can happen if TCP has been registered compat for IPv4, and
IPv6 compat registration fails.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_conntrack_proto.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 63612e6..21b850c 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -341,11 +341,14 @@ int nf_ct_l4proto_register_sysctl(struct net *net, kfree(pn->ctl_table); pn->ctl_table = NULL; } - goto out; } } #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) { + if (err < 0) { + nf_ct_kfree_compat_sysctl_table(pn); + goto out; + } err = nf_ct_register_sysctl(net, &pn->ctl_compat_header, "net/ipv4/netfilter", @@ -358,8 +361,8 @@ int nf_ct_l4proto_register_sysctl(struct net *net, &pn->ctl_table, pn->users); } -#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */ out: +#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */ #endif /* CONFIG_SYSCTL */ return err; } |