diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-14 15:19:03 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-18 13:59:47 +0100 |
commit | 3cf788a720b30530ca0fe86d40e2e86139e7d48c (patch) | |
tree | 9e70cf0787df8e3d7e2aac5d1fa64f29e2304c44 | |
parent | 989b793a3bf689757b2b8f08a1c264743d75fa0f (diff) |
expr: fix leak in target and match expressions
Release internal data area for match and target expressions.
==30104== 68 bytes in 1 blocks are definitely lost in loss record 1 of 1
==30104== at 0x4C2B514: calloc (vg_replace_malloc.c:593)
==30104== by 0x400C2F: main (nft-expr_match-test.c:65)
Reported-by: Ana Rey Botello <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/expr.c | 3 | ||||
-rw-r--r-- | src/expr/match.c | 8 | ||||
-rw-r--r-- | src/expr/target.c | 8 | ||||
-rw-r--r-- | src/expr_ops.h | 1 |
4 files changed, 20 insertions, 0 deletions
@@ -49,6 +49,9 @@ EXPORT_SYMBOL(nft_rule_expr_alloc); void nft_rule_expr_free(struct nft_rule_expr *expr) { + if (expr->ops->free) + expr->ops->free(expr); + xfree(expr); } EXPORT_SYMBOL(nft_rule_expr_free); diff --git a/src/expr/match.c b/src/expr/match.c index db2b987..5d02ee7 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -258,10 +258,18 @@ nft_rule_expr_match_snprintf(char *buf, size_t len, uint32_t type, return -1; } +static void nft_rule_expr_match_free(struct nft_rule_expr *e) +{ + struct nft_expr_match *match = nft_expr_data(e); + + xfree(match->data); +} + struct expr_ops expr_ops_match = { .name = "match", .alloc_len = sizeof(struct nft_expr_match), .max_attr = NFTA_MATCH_MAX, + .free = nft_rule_expr_match_free, .set = nft_rule_expr_match_set, .get = nft_rule_expr_match_get, .parse = nft_rule_expr_match_parse, diff --git a/src/expr/target.c b/src/expr/target.c index 7994bcd..20bf2af 100644 --- a/src/expr/target.c +++ b/src/expr/target.c @@ -260,10 +260,18 @@ nft_rule_expr_target_snprintf(char *buf, size_t len, uint32_t type, return -1; } +static void nft_rule_expr_target_free(struct nft_rule_expr *e) +{ + struct nft_expr_target *target = nft_expr_data(e); + + xfree(target->data); +} + struct expr_ops expr_ops_target = { .name = "target", .alloc_len = sizeof(struct nft_expr_target), .max_attr = NFTA_TARGET_MAX, + .free = nft_rule_expr_target_free, .set = nft_rule_expr_target_set, .get = nft_rule_expr_target_get, .parse = nft_rule_expr_target_parse, diff --git a/src/expr_ops.h b/src/expr_ops.h index becc85a..26e0b82 100644 --- a/src/expr_ops.h +++ b/src/expr_ops.h @@ -23,6 +23,7 @@ struct expr_ops { const char *name; uint32_t alloc_len; int max_attr; + void (*free)(struct nft_rule_expr *e); int (*set)(struct nft_rule_expr *e, uint16_t type, const void *data, uint32_t data_len); const void *(*get)(const struct nft_rule_expr *e, uint16_t type, uint32_t *data_len); int (*parse)(struct nft_rule_expr *e, struct nlattr *attr); |