[NETFILTER] refcount leak of proto when ctnetlink dumping tuple

Signed-off-by: Yasuyuki Kozakai <[EMAIL PROTECTED]>
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>
--- commit dce6b47e7a1f4b7f34e0f696f15b9c8361a8f64e tree 40798ea28cceb7174104c7ad22161b75e7f130af parent 4f97be1da822b520d2a27b8766cf7742ed5231f8 author Harald Welte <[EMAIL PROTECTED]> Sat, 05 Nov 2005 11:17:16 +0100 committer Harald Welte <[EMAIL PROTECTED]> Sat, 05 Nov 2005 11:17:16 +0100 net/ipv4/netfilter/ip_conntrack_netlink.c | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -58,14 +58,17 @@ ctnetlink_dump_tuples_proto(struct sk_bu const struct ip_conntrack_tuple *tuple) { struct ip_conntrack_protocol *proto; + int ret = 0; NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum); proto = ip_conntrack_proto_find_get(tuple->dst.protonum); - if (proto && proto->tuple_to_nfattr) - return proto->tuple_to_nfattr(skb, tuple); + if (likely(proto && proto->tuple_to_nfattr)) { + ret = proto->tuple_to_nfattr(skb, tuple); + ip_conntrack_proto_put(proto); + } - return 0; + return ret; nfattr_failure: return -1; -- - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
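Review bot: in ctnetlink_dump_tuples_proto() the new ip_conntrack_proto_put(proto) sits inside the `if (likely(proto && proto->tuple_to_nfattr))` block, so a proto returned by ip_conntrack_proto_find_get() whose tuple_to_nfattr is NULL still leaves the function with its reference held. The condition itself allows for that case, so the leak this patch targets remains on that path. Consider testing the two things separately: call tuple_to_nfattr only when it is set, but drop the reference whenever proto is non-NULL, for example `if (proto) ip_conntrack_proto_put(proto);` placed just before `return ret;`. The NFA_PUT() jump to nfattr_failure happens before the get, so that exit needs no put.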