netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

nf_ct_put() needs to be called to put the refcount got by
nf_conntrack_find_get() to avoid refcount leak when
nf_conntrack_hash_check_insert() fails.

Fixes: 7d367e06688d ("netfilter: ctnetlink: fix soft lockup when netlink adds new entries (v2)")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Hangyu Hua and committed by

Pablo Neira Ayuso 3 years ago ac489398 92f3e96d

+4 -1

1 changed file

expand all

net

netfilter

nf_conntrack_netlink.c

+4 -1

net/netfilter/nf_conntrack_netlink.c

··· 2375 2375 2376 2376 err = nf_conntrack_hash_check_insert(ct); 2377 2377 if (err < 0) 2378 - goto err2; 2378 + goto err3; 2379 2379 2380 2380 rcu_read_unlock(); 2381 2381 2382 2382 return ct; 2383 2383 2384 + err3: 2385 + if (ct->master) 2386 + nf_ct_put(ct->master); 2384 2387 err2: 2385 2388 rcu_read_unlock(); 2386 2389 err1: