netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()

Dan Carpenter · ummakynes · commit cd77e75b5e46 · 2020-01-16T14:22:32.000+01:00
Syzbot detected a leak in nf_tables_parse_netdev_hooks(). If the hook already exists, then the error handling doesn't free the newest "hook". Reported-by: syzbot+f9d4095107fc8749c69c@syzkaller.appspotmail.com Fixes: b75a3e8 ("netfilter: nf_tables: allow netdevice to be used only once per flowtable") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
@@ -1680,6 +1680,7 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
 			goto err_hook;
 		}
 		if (nft_hook_list_find(hook_list, hook)) {
+			kfree(hook);
 			err = -EEXIST;
 			goto err_hook;
 		}

Original file line number	Diff line number	Diff line change
`@@ -1680,6 +1680,7 @@ static int nf_tables_parse_netdev_hooks(struct net *net,`
`1680`	`1680`	`goto err_hook;`
`1681`	`1681`	`}`
`1682`	`1682`	`if (nft_hook_list_find(hook_list, hook)) {`
	`1683`	`+ kfree(hook);`
`1683`	`1684`	`err = -EEXIST;`
`1684`	`1685`	`goto err_hook;`
`1685`	`1686`	`}`