diff mbox series

[v3] netfilter: nf_conntrack_bridge: Fix memory leak when error

Message ID 20210729082021.14407-1-yajun.deng@linux.dev
State New
Headers show
Series [v3] netfilter: nf_conntrack_bridge: Fix memory leak when error | expand

Commit Message

Yajun Deng July 29, 2021, 8:20 a.m. UTC 
It should be added kfree_skb_list() when err is not equal to zero
in nf_br_ip_fragment().

v2: keep this aligned with IPv6.
v3: modify iter.frag_list to iter.frag.

Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
---
 net/bridge/netfilter/nf_conntrack_bridge.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Pablo Neira Ayuso Aug. 1, 2021, 10:15 a.m. UTC | #1 
On Thu, Jul 29, 2021 at 04:20:21PM +0800, Yajun Deng wrote:
> It should be added kfree_skb_list() when err is not equal to zero

> in nf_br_ip_fragment().


Applied, thanks.
diff mbox series

Patch

diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c
index 8d033a75a766..d184306e1ba8 100644
--- a/net/bridge/netfilter/nf_conntrack_bridge.c
+++ b/net/bridge/netfilter/nf_conntrack_bridge.c
@@ -88,6 +88,11 @@  static int nf_br_ip_fragment(struct net *net, struct sock *sk,
 
 			skb = ip_fraglist_next(&iter);
 		}
+
+		if (!err)
+			return 0;
+
+		kfree_skb_list(iter.frag);
 		return err;
 	}
 slow_path: