Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp5897278pxv;
        Thu, 29 Jul 2021 00:51:15 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxjWqFkAJylRBzRyS/xz2sj4Dw6yViP1mF8hnDFaJfwQFo42Tpg/i3TQnYyoJroJNCQYKul
X-Received: by 2002:a17:907:1b02:: with SMTP id mp2mr3520769ejc.196.1627545074831;
        Thu, 29 Jul 2021 00:51:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1627545074; cv=none;
        d=google.com; s=arc-20160816;
        b=nH0m+uBzYfIXbMeAXJ3J5AyZ+FkHTmv+H30UrIhKxqCAwqvkeERZw+IgQHD5MmBUOs
         2cFFv2aUlx25cgoPOwzMXj/OhNgPI+hJnZigClW2AomHAc6+SsIdrIqVqu6gTZvPmx9b
         7tN0zWTlgWBLNO3PK6AUMaBKrR4tcpEXXjwCjcH1Cvc/Q1zssS3bQU51oCNcdbNXqD/G
         u4wD6TsnvnD9ockoJD8WAymijgal6QGd2atg0RzXqhoRnBFbYoFXvTC7iLu5Gk/IwqCV
         XGTexLA8I1G1LyyEJbgTjLbhi7KKPf2hMTXbE2J5MZTAVXsq/JrLOxyvcR8osfDlkFPy
         deLg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=XXimOoQI1d0O8kEjg5QeSeqgs9ahW1SYrIjYJUFIUFk=;
        b=sarAnRxRbIv3/o2+h1lnqjwYpYcRGiEi7z1cc1wrn+4jBhSSuyGLvF91sWrV2wNUKR
         EWUu8zBo1DX5HfSEAwIMFUM0uR4isBHvRy+O236fceyau6GlZ5D2oR1pkyFtHEWrFdPw
         uSpuAC0JqLuCSw67eeEE1cD4A+P/zsb0rDnUr07KHgPIsV50TMcWNjMr4hz53oqgWOTJ
         nNP9uL68EkdUfv7TY1OZYvKF7sN4J/8WGjAKR7Iyxt5zHvuPJi8IkUrD42VLMoY5zaFT
         voNFP8LjSUwrJgW6MkpeFCGELRvMPCTh872AYkYzr9JzFIhDEpSQ0ExjOLQlaC9GFAjw
         yDnw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b=ZxU028pH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l13si2581596ejg.289.2021.07.29.00.50.52;
        Thu, 29 Jul 2021 00:51:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b=ZxU028pH;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234686AbhG2HrS (ORCPT <rfc822;linux.s.jambekar@gmail.com>
        + 99 others); Thu, 29 Jul 2021 03:47:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49310 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234524AbhG2HrR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Jul 2021 03:47:17 -0400
Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF0B7C061757;
        Thu, 29 Jul 2021 00:47:14 -0700 (PDT)
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
        t=1627544832;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=XXimOoQI1d0O8kEjg5QeSeqgs9ahW1SYrIjYJUFIUFk=;
        b=ZxU028pHpwvCtyCHblNHopevwPhNISY8scbRLab5RO12ZB79ThzDFEUOMpoitqLZcEhufp
        MJ54uK4qZoUJk7QEp6rYStFMQ0B1Ub76M1kpRxuJ5cFk3knShr9ucpjgEh5Q7sc/GbEd7f
        EuIcMCBQb5gpowr3KfbDZ5/moNDpICM=
From:   Yajun Deng <yajun.deng@linux.dev>
To:     pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de
Cc:     netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        bridge@lists.linux-foundation.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, Yajun Deng <yajun.deng@linux.dev>
Subject: [PATCH v2] netfilter: nf_conntrack_bridge: Fix memory leak when error
Date:   Thu, 29 Jul 2021 15:46:58 +0800
Message-Id: <20210729074658.8538-1-yajun.deng@linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: yajun.deng@linux.dev
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

It should be added kfree_skb_list() when err is not equal to zero
in nf_br_ip_fragment().

v2: keep this aligned with IPv6.

Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
---
 net/bridge/netfilter/nf_conntrack_bridge.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c
index 8d033a75a766..3cf5457919c6 100644
--- a/net/bridge/netfilter/nf_conntrack_bridge.c
+++ b/net/bridge/netfilter/nf_conntrack_bridge.c
@@ -88,6 +88,11 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk,
 
 			skb = ip_fraglist_next(&iter);
 		}
+
+		if (!err)
+			return 0;
+
+		kfree_skb_list(iter.frag_list);
 		return err;
 	}
 slow_path:
-- 
2.32.0