netfilter: nf_conntrack: fix memory leak if sysctl registration fails
authorGao feng <gaofeng@cn.fujitsu.com>
Thu, 21 Jun 2012 04:36:42 +0000 (04:36 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 27 Jun 2012 16:55:22 +0000 (18:55 +0200)
In nf_ct_l4proto_register_sysctl, if l4proto sysctl registration
fails, we have to make sure that we release the compat sysctl
table.

This can happen if TCP has been registered compat for IPv4, and
IPv6 compat registration fails.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_proto.c

index 63612e6d7238fe9a79fb4a926a4033ed8f4d0d98..21b850c4b3ab68796a16e05b1541ffa8253e8109 100644 (file)
@@ -341,11 +341,14 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
                                kfree(pn->ctl_table);
                                pn->ctl_table = NULL;
                        }
-                       goto out;
                }
        }
 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
        if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) {
+               if (err < 0) {
+                       nf_ct_kfree_compat_sysctl_table(pn);
+                       goto out;
+               }
                err = nf_ct_register_sysctl(net,
                                            &pn->ctl_compat_header,
                                            "net/ipv4/netfilter",
@@ -358,8 +361,8 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
                                        &pn->ctl_table,
                                        pn->users);
        }
-#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 out:
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif /* CONFIG_SYSCTL */
        return err;
 }