netfilter: SNMP NAT: correct the size argument to kzalloc
authorJulia Lawall <julia@diku.dk>
Mon, 4 Jan 2010 14:21:31 +0000 (15:21 +0100)
committerPatrick McHardy <kaber@trash.net>
Mon, 4 Jan 2010 14:21:31 +0000 (15:21 +0100)
obj has type struct snmp_object **, not struct snmp_object *.  But indeed
it is not even clear why kmalloc is needed.  The memory is freed by the end
of the function, so the local variable of pointer type should be sufficient.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@disable sizeof_type_expr@
type T;
T **x;
@@

  x =
  <+...sizeof(
- T
+ *x
  )...+>
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/ipv4/netfilter/nf_nat_snmp_basic.c

index d9521f6f9ed0f29a9eeabc27710636d7c6393ac9..0b9c7ce3d6c584a90fa012a96e9baa7a6deab317 100644 (file)
@@ -1038,7 +1038,7 @@ static int snmp_parse_mangle(unsigned char *msg,
        unsigned int cls, con, tag, vers, pdutype;
        struct asn1_ctx ctx;
        struct asn1_octstr comm;
-       struct snmp_object **obj;
+       struct snmp_object *obj;
 
        if (debug > 1)
                hex_dump(msg, len);
@@ -1148,43 +1148,34 @@ static int snmp_parse_mangle(unsigned char *msg,
        if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
                return 0;
 
-       obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC);
-       if (obj == NULL) {
-               if (net_ratelimit())
-                       printk(KERN_WARNING "OOM in bsalg(%d)\n", __LINE__);
-               return 0;
-       }
-
        while (!asn1_eoc_decode(&ctx, eoc)) {
                unsigned int i;
 
-               if (!snmp_object_decode(&ctx, obj)) {
-                       if (*obj) {
-                               kfree((*obj)->id);
-                               kfree(*obj);
+               if (!snmp_object_decode(&ctx, &obj)) {
+                       if (obj) {
+                               kfree(obj->id);
+                               kfree(obj);
                        }
-                       kfree(obj);
                        return 0;
                }
 
                if (debug > 1) {
                        printk(KERN_DEBUG "bsalg: object: ");
-                       for (i = 0; i < (*obj)->id_len; i++) {
+                       for (i = 0; i < obj->id_len; i++) {
                                if (i > 0)
                                        printk(".");
-                               printk("%lu", (*obj)->id[i]);
+                               printk("%lu", obj->id[i]);
                        }
-                       printk(": type=%u\n", (*obj)->type);
+                       printk(": type=%u\n", obj->type);
 
                }
 
-               if ((*obj)->type == SNMP_IPADDR)
+               if (obj->type == SNMP_IPADDR)
                        mangle_address(ctx.begin, ctx.pointer - 4 , map, check);
 
-               kfree((*obj)->id);
-               kfree(*obj);
+               kfree(obj->id);
+               kfree(obj);
        }
-       kfree(obj);
 
        if (!asn1_eoc_decode(&ctx, eoc))
                return 0;