diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-17 02:58:09 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-18 09:40:20 +0200 |
| commit | e2c0529c7fe40be9f3f3c0131d26f44fe8fdc408 (patch) | |
| tree | 408c3c6a84c981c7886887803e6a9f90f833b4ee /src | |
| parent | a7c2acf6c9cfcb7da8600e58bcd1d147b31fcb7c (diff) | |
netlink_delinearize: memleak in string netlink postprocessing
Listing a matching wilcard string results in a memleak: ifname "dummy*"
Direct leak of 136 byte(s) in 1 object(s) allocated from:
#0 0x7f27ba52e330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
#1 0x7f27b9e1d434 in xmalloc /home/.../devel/nftables/src/utils.c:36
#2 0x7f27b9e1d5f3 in xzalloc /home/.../devel/nftables/src/utils.c:75
#3 0x7f27b9d2e8c6 in expr_alloc /home/.../devel/nftables/src/expression.c:45
#4 0x7f27b9d326e9 in constant_expr_alloc /home/.../devel/nftables/src/expression.c:419
#5 0x7f27b9db9318 in netlink_alloc_value /home/.../devel/nftables/src/netlink.c:390
#6 0x7f27b9de0433 in netlink_parse_cmp /home/.../devel/nftables/src/netlink_delinearize.c:321
#7 0x7f27b9deb025 in netlink_parse_expr /home/.../devel/nftables/src/netlink_delinearize.c:1764
#8 0x7f27b9deb0de in netlink_parse_rule_expr /home/.../devel/nftables/src/netlink_delinearize.c:1776
#9 0x7f27b860af7b in nftnl_expr_foreach /home/.../devel/libnftnl/src/rule.c:690
Direct leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x7f27ba52e330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
#1 0x7f27b9e1d434 in xmalloc /home/.../devel/nftables/src/utils.c:36
#2 0x7f27b96975c5 in __gmpz_init2 (/usr/lib/x86_64-linux-gnu/libgmp.so.10+0x1c5c5)
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/netlink_delinearize.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 952e2be5..413ef6b4 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2394,8 +2394,10 @@ static struct expr *expr_postprocess_string(struct expr *expr) mask = constant_expr_alloc(&expr->location, &integer_type, BYTEORDER_HOST_ENDIAN, expr->len + BITS_PER_BYTE, NULL); + mpz_clear(mask->value); mpz_init_bitmask(mask->value, expr->len); out = string_wildcard_expr_alloc(&expr->location, mask, expr); + expr_free(expr); expr_free(mask); return out; } |