author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-06-07 17:51:42 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-06-08 00:26:09 +0200 |
commit | 1f0520a5814226961f79983c0091d07dbd6417eb (patch) | |
tree | e5ad191878d1fc1cef7f191c310c6e781bd685f9 /src | |
parent | 8d1e4ad3a2eebbb880b0ab0c1d2f01e530a15600 (diff) |
netlink: release dummy rule object from netlink_parse_set_expr()
netlink_parse_set_expr() creates a dummy rule object to reuse the
existing netlink parser. Release the rule object to fix a memleak.
Zap the statement list to avoid a use-after-free since the statement
needs to remain in place after releasing the rule.
==21601==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2016 byte(s) in 4 object(s) allocated from:
#0 0x7f7824b26330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
#1 0x7f78245fcebd in xmalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:36
#2 0x7f78245fd016 in xzalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:65
#3 0x7f782456f0b5 in rule_alloc /home/pablo/devel/scm/git-netfilter/nftables/src/rule.c:623
Add a test to check for set counters.
SUMMARY: AddressSanitizer: 2016 byte(s) leaked in 4 allocation(s).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/netlink_delinearize.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 7f7ad262..8de4830c 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1682,13 +1682,19 @@ struct stmt *netlink_parse_set_expr(const struct set *set, const struct nftnl_expr *nle) { struct netlink_parse_ctx ctx, *pctx = &ctx; + struct handle h = {}; - pctx->rule = rule_alloc(&netlink_location, &set->handle); + handle_merge(&h, &set->handle); + pctx->rule = rule_alloc(&netlink_location, &h); pctx->table = table_lookup(&set->handle, cache); assert(pctx->table != NULL); if (netlink_parse_expr(nle, pctx) < 0) return NULL; + + init_list_head(&pctx->rule->stmts); + rule_free(pctx->rule); + return pctx->stmt; } |
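Review bot: the early `return NULL` taken when `netlink_parse_expr(nle, pctx) < 0` still leaks the dummy rule, because `rule_free(pctx->rule)` is only reached on the success path. Consider releasing the rule on the failure path as well. Whether the statement list has to be emptied first in that case depends on what the parser has already linked into it, which this hunk does not show. It would also help to put a one-line comment above `init_list_head(&pctx->rule->stmts);` stating that the list is reset so that `rule_free()` does not free the statement returned through `pctx->stmt`. The reason is given in the commit message but not in the code, and the call looks like a no-op to a later reader.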