From 1f0520a5814226961f79983c0091d07dbd6417eb Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 7 Jun 2020 17:51:42 +0200 Subject: netlink: release dummy rule object from netlink_parse_set_expr() netlink_parse_set_expr() creates a dummy rule object to reuse the existing netlink parser. Release the rule object to fix a memleak. Zap the statement list to avoid a use-after-free since the statement needs to remain in place after releasing the rule. ==21601==ERROR: LeakSanitizer: detected memory leaks Direct leak of 2016 byte(s) in 4 object(s) allocated from: #0 0x7f7824b26330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330) #1 0x7f78245fcebd in xmalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:36 #2 0x7f78245fd016 in xzalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:65 #3 0x7f782456f0b5 in rule_alloc /home/pablo/devel/scm/git-netfilter/nftables/src/rule.c:623 Add a test to check for set counters. SUMMARY: AddressSanitizer: 2016 byte(s) leaked in 4 allocation(s). Signed-off-by: Pablo Neira Ayuso --- src/netlink_delinearize.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 7f7ad262..8de4830c 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1682,13 +1682,19 @@ struct stmt *netlink_parse_set_expr(const struct set *set, const struct nftnl_expr *nle) { struct netlink_parse_ctx ctx, *pctx = &ctx; + struct handle h = {}; - pctx->rule = rule_alloc(&netlink_location, &set->handle); + handle_merge(&h, &set->handle); + pctx->rule = rule_alloc(&netlink_location, &h); pctx->table = table_lookup(&set->handle, cache); assert(pctx->table != NULL); if (netlink_parse_expr(nle, pctx) < 0) return NULL; + + init_list_head(&pctx->rule->stmts); + rule_free(pctx->rule); + return pctx->stmt; } -- cgit v1.2.3