From 1ba5e76a368aeb9fe17d3b691df4faa0dadc4523 Mon Sep 17 00:00:00 2001
From: Kevin Cernekee <cernekee@chromium.org>
Date: Thu, 26 Jan 2017 16:44:24 -0800
Subject: conntrackd: cthelper: Don't leak nat_tuple

nfexp_set_attr() copies |nat_tuple| rather than taking ownership, so
it should be freed at the end of the loop.  Some of the other helpers
(like rpc.c) do this, but it is missing here.

Reported-by: Eric Caruso <ejcaruso@chromium.org>
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/helpers/amanda.c | 1 +
 src/helpers/ftp.c    | 1 +
 src/helpers/tftp.c   | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/helpers/amanda.c b/src/helpers/amanda.c
index 9e6c4e7..faee1cd 100644
--- a/src/helpers/amanda.c
+++ b/src/helpers/amanda.c
@@ -75,6 +75,7 @@ static int nat_amanda(struct pkt_buff *pkt, uint32_t ctinfo,
 			break;
 		}
 	}
+	nfct_destroy(nat_tuple);
 
 	if (port == 0) {
 		pr_debug("all ports in use\n");
diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
index 27ab5eb..c3aa284 100644
--- a/src/helpers/ftp.c
+++ b/src/helpers/ftp.c
@@ -423,6 +423,7 @@ static unsigned int nf_nat_ftp(struct pkt_buff *pkt,
 			break;
 		}
 	}
+	nfct_destroy(nat_tuple);
 
 	if (port == 0)
 		return NF_DROP;
diff --git a/src/helpers/tftp.c b/src/helpers/tftp.c
index 45591c6..70dd28a 100644
--- a/src/helpers/tftp.c
+++ b/src/helpers/tftp.c
@@ -65,6 +65,7 @@ static unsigned int nat_tftp(struct pkt_buff *pkt, uint32_t ctinfo,
 	nfexp_set_attr_u32(exp, ATTR_EXP_NAT_DIR, MYCT_DIR_REPL);
 	nfexp_set_attr(exp, ATTR_EXP_FN, "nat-follow-master");
 	nfexp_set_attr(exp, ATTR_EXP_NAT_TUPLE, nat_tuple);
+	nfct_destroy(nat_tuple);
 
 	return NF_ACCEPT;
 }
-- 
cgit v0.12