| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Apr 2012 16:52:10 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH 3/3] netfilter: xt_CT: remove a compile warning
On Tue, Apr 03, 2012 at 11:28:50PM +0900, Tetsuo Handa wrote:
> Pablo Neira Ayuso wrote:
> > A bit better patch, no need to hold rcu_read_lock again in
> > xt_ct_tg_timeout_put (even if that doesn't harm).
>
> Patch looks OK.
>
> By the way,
>
> 665 static struct nf_conn *
> 666 __nf_conntrack_alloc(struct net *net, u16 zone,
> 667 const struct nf_conntrack_tuple *orig,
> 668 const struct nf_conntrack_tuple *repl,
> 669 gfp_t gfp, u32 hash)
> 670 {
> (...snipped...)
> 680 atomic_inc(&net->ct.count);
> (...snipped...)
> 698 ct = kmem_cache_alloc(net->ct.nf_conntrack_cachep, gfp);
> 699 if (ct == NULL) {
> 700 atomic_dec(&net->ct.count);
> 701 return ERR_PTR(-ENOMEM);
> 702 }
> (...snipped...)
> 720 if (zone) {
> 721 struct nf_conntrack_zone *nf_ct_zone;
> 722
> 723 nf_ct_zone = nf_ct_ext_add(ct, NF_CT_EXT_ZONE, GFP_ATOMIC);
> 724 if (!nf_ct_zone)
> 725 goto out_free;
> 726 nf_ct_zone->id = zone;
> 727 }
> (...snipped...)
> 737 out_free:
>
> I think we want to call atomic_dec() here.
Good catch :-).
Patch to address this issue follows.
View attachment "0001-netfilter-nf_conntrack-fix-count-leak-in-error-path-.patch" of type "text/x-diff" (992 bytes)
Powered by blists - more mailing lists