Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp5897278pxv; Thu, 29 Jul 2021 00:51:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxjWqFkAJylRBzRyS/xz2sj4Dw6yViP1mF8hnDFaJfwQFo42Tpg/i3TQnYyoJroJNCQYKul X-Received: by 2002:a17:907:1b02:: with SMTP id mp2mr3520769ejc.196.1627545074831; Thu, 29 Jul 2021 00:51:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627545074; cv=none; d=google.com; s=arc-20160816; b=nH0m+uBzYfIXbMeAXJ3J5AyZ+FkHTmv+H30UrIhKxqCAwqvkeERZw+IgQHD5MmBUOs 2cFFv2aUlx25cgoPOwzMXj/OhNgPI+hJnZigClW2AomHAc6+SsIdrIqVqu6gTZvPmx9b 7tN0zWTlgWBLNO3PK6AUMaBKrR4tcpEXXjwCjcH1Cvc/Q1zssS3bQU51oCNcdbNXqD/G u4wD6TsnvnD9ockoJD8WAymijgal6QGd2atg0RzXqhoRnBFbYoFXvTC7iLu5Gk/IwqCV XGTexLA8I1G1LyyEJbgTjLbhi7KKPf2hMTXbE2J5MZTAVXsq/JrLOxyvcR8osfDlkFPy deLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=XXimOoQI1d0O8kEjg5QeSeqgs9ahW1SYrIjYJUFIUFk=; b=sarAnRxRbIv3/o2+h1lnqjwYpYcRGiEi7z1cc1wrn+4jBhSSuyGLvF91sWrV2wNUKR EWUu8zBo1DX5HfSEAwIMFUM0uR4isBHvRy+O236fceyau6GlZ5D2oR1pkyFtHEWrFdPw uSpuAC0JqLuCSw67eeEE1cD4A+P/zsb0rDnUr07KHgPIsV50TMcWNjMr4hz53oqgWOTJ nNP9uL68EkdUfv7TY1OZYvKF7sN4J/8WGjAKR7Iyxt5zHvuPJi8IkUrD42VLMoY5zaFT voNFP8LjSUwrJgW6MkpeFCGELRvMPCTh872AYkYzr9JzFIhDEpSQ0ExjOLQlaC9GFAjw yDnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=ZxU028pH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l13si2581596ejg.289.2021.07.29.00.50.52; Thu, 29 Jul 2021 00:51:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=ZxU028pH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234686AbhG2HrS (ORCPT + 99 others); Thu, 29 Jul 2021 03:47:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49310 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234524AbhG2HrR (ORCPT ); Thu, 29 Jul 2021 03:47:17 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF0B7C061757; Thu, 29 Jul 2021 00:47:14 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1627544832; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=XXimOoQI1d0O8kEjg5QeSeqgs9ahW1SYrIjYJUFIUFk=; b=ZxU028pHpwvCtyCHblNHopevwPhNISY8scbRLab5RO12ZB79ThzDFEUOMpoitqLZcEhufp MJ54uK4qZoUJk7QEp6rYStFMQ0B1Ub76M1kpRxuJ5cFk3knShr9ucpjgEh5Q7sc/GbEd7f EuIcMCBQb5gpowr3KfbDZ5/moNDpICM= From: Yajun Deng To: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Yajun Deng Subject: [PATCH v2] netfilter: nf_conntrack_bridge: Fix memory leak when error Date: Thu, 29 Jul 2021 15:46:58 +0800 Message-Id: <20210729074658.8538-1-yajun.deng@linux.dev> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: yajun.deng@linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It should be added kfree_skb_list() when err is not equal to zero in nf_br_ip_fragment(). v2: keep this aligned with IPv6. Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system") Signed-off-by: Yajun Deng --- net/bridge/netfilter/nf_conntrack_bridge.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 8d033a75a766..3cf5457919c6 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -88,6 +88,11 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk, skb = ip_fraglist_next(&iter); } + + if (!err) + return 0; + + kfree_skb_list(iter.frag_list); return err; } slow_path: -- 2.32.0