From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 16 Jan 2020 10:09:31 +0000 (+0300)
Subject: netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()
X-Git-Tag: baikal/mips/sdk5.9~14532^2~11^2~2
X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=32d9a4bf0c2d72fb3b8842af4131077ad3ba1439;p=kernel.git

netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()

Syzbot detected a leak in nf_tables_parse_netdev_hooks().  If the hook
already exists, then the error handling doesn't free the newest "hook".

Reported-by: syzbot+f9d4095107fc8749c69c@syzkaller.appspotmail.com
Fixes: 9da2c8215737 ("netfilter: nf_tables: allow netdevice to be used only once per flowtable")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b3692458d428e..896a6e8aff914 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1680,6 +1680,7 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
 			goto err_hook;
 		}
 		if (nft_hook_list_find(hook_list, hook)) {
+			kfree(hook);
 			err = -EEXIST;
 			goto err_hook;
 		}