From: Eric W. Biederman <ebiederm@xmission.com>
Date: Sat, 18 Jul 2015 15:21:14 +0000 (-0500)
Subject: netfilter: Fix memory leak in nf_register_net_hook
X-Git-Tag: firefly_0821_release~176^2~1159^2~228^2~7
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e317fa505dcdfa25f0e4c888f991eb7fd1562e1e;p=firefly-linux-kernel-4.4.55.git

netfilter: Fix memory leak in nf_register_net_hook

In the rare case that when it is a attempted to use a per network device
netfilter hook and the network device does not exist the newly allocated
structure can leak.

Be a good citizen and free the newly allocated structure in the error
handling code.

Fixes: 085db2c04557 ("netfilter: Per network namespace netfilter hooks.")
Reported-by: kbuild@01.org
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 6896cee8b733..87d237d20870 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -96,8 +96,10 @@ int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg)
 	new->priority = reg->priority;
 
 	nf_hook_list = find_nf_hook_list(net, reg);
-	if (!nf_hook_list)
+	if (!nf_hook_list) {
+		kfree(new);
 		return -ENOENT;
+	}
 
 	mutex_lock(&nf_hook_mutex);
 	list_for_each_entry(elem, nf_hook_list, list) {