From 1ba5e76a368aeb9fe17d3b691df4faa0dadc4523 Mon Sep 17 00:00:00 2001
From: Kevin Cernekee <cernekee@chromium.org>
Date: Thu, 26 Jan 2017 16:44:24 -0800
Subject: conntrackd: cthelper: Don't leak nat_tuple
nfexp_set_attr() copies |nat_tuple| rather than taking ownership, so
it should be freed at the end of the loop.  Some of the other helpers
(like rpc.c) do this, but it is missing here.
Reported-by: Eric Caruso <ejcaruso@chromium.org>
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/helpers/amanda.c | 1 +
 src/helpers/ftp.c    | 1 +
 src/helpers/tftp.c   | 1 +
 3 files changed, 3 insertions(+)
diff --git a/src/helpers/amanda.c b/src/helpers/amanda.c
index 9e6c4e7..faee1cd 100644
--- a/src/helpers/amanda.c
+++ b/src/helpers/amanda.c
@@ -75,6 +75,7 @@ static int nat_amanda(struct pkt_buff *pkt, uint32_t ctinfo,
 			break;
 		}
 	}
+	nfct_destroy(nat_tuple);
 
 	if (port == 0) {
 		pr_debug("all ports in use\n");
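Review bot: The single `nfct_destroy(nat_tuple);` placed after the loop only frees the tuple on exits that fall through to this line. The hunk shows `break` paths, but nat_amanda begins before the hunk, so any `return` between the allocation of nat_tuple and this point would still leak and is worth checking. These helpers take a packet buffer and presumably run per matching packet, so a missed path means traffic-driven memory growth in conntrackd; the same check applies to nf_nat_ftp in ftp.c and nat_tftp in tftp.c. A short comment above the call, such as `/* nfexp_set_attr() copied nat_tuple into exp; the original is still ours to free */`, would keep the ownership rule from the commit message visible in the code.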
diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
index 27ab5eb..c3aa284 100644
--- a/src/helpers/ftp.c
+++ b/src/helpers/ftp.c
@@ -423,6 +423,7 @@ static unsigned int nf_nat_ftp(struct pkt_buff *pkt,
 			break;
 		}
 	}
+	nfct_destroy(nat_tuple);
 
 	if (port == 0)
 		return NF_DROP;
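Review bot: After `nfct_destroy(nat_tuple);` the local still holds the freed pointer, and nf_nat_ftp continues past the end of this hunk, so any later use of nat_tuple there would be a use-after-free. If nothing below needs it, following the call with `nat_tuple = NULL;` makes such a mistake fail visibly instead of touching freed memory. The same holds for nat_amanda in amanda.c, whose body also runs past its hunk; nat_tftp returns immediately after the destroy and is not affected.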
diff --git a/src/helpers/tftp.c b/src/helpers/tftp.c
index 45591c6..70dd28a 100644
--- a/src/helpers/tftp.c
+++ b/src/helpers/tftp.c
@@ -65,6 +65,7 @@ static unsigned int nat_tftp(struct pkt_buff *pkt, uint32_t ctinfo,
 	nfexp_set_attr_u32(exp, ATTR_EXP_NAT_DIR, MYCT_DIR_REPL);
 	nfexp_set_attr(exp, ATTR_EXP_FN, "nat-follow-master");
 	nfexp_set_attr(exp, ATTR_EXP_NAT_TUPLE, nat_tuple);
+	nfct_destroy(nat_tuple);
 
 	return NF_ACCEPT;
 }
-- 
cgit v0.12