OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/ipv4/netfilter
History
Xin Xiong 4e8307203d netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() 
[ Upstream commit d94a69cb2cfa77294921aae9afcfb866e723a2da ]

The issue takes place in one error path of clusterip_tg_check(). When
memcmp() returns nonzero, the function simply returns the error code,
forgetting to decrease the reference count of a clusterip_config
object, which is bumped earlier by clusterip_config_find_get(). This
may incur reference count leak.

Fix this issue by decrementing the refcount of the object in specific
error path.

Fixes: 06aa151ad1 ("netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set")
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-01-27 09:19:35 +01:00
..
Kconfig netfilter: fix coding-style errors. 2019-09-13 11:39:38 +02:00
Makefile netfilter: fix coding-style errors. 2019-09-13 11:39:38 +02:00
arp_tables.c netfilter: arp_tables: add pre_exit hook for table unregister 2021-04-21 12:56:16 +02:00
arpt_mangle.c netfilter: ipv4: prefer skb_ensure_writable 2019-05-31 18:02:46 +02:00
arptable_filter.c netfilter: arp_tables: add pre_exit hook for table unregister 2021-04-21 12:56:16 +02:00
ip_tables.c netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:46:38 +02:00
ipt_CLUSTERIP.c netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() 2022-01-27 09:19:35 +01:00
ipt_ECN.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
ipt_REJECT.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ipt_SYNPROXY.c netfilter: synproxy: rename mss synproxy_options field 2019-08-03 18:39:08 +02:00
ipt_ah.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ipt_rpfilter.c netfilter: rpfilter: mask ecn bits before fib lookup 2021-01-27 11:47:52 +01:00
iptable_filter.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
iptable_mangle.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-11-18 19:20:17 +01:00
iptable_nat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
iptable_raw.c Update my email address 2019-06-10 13:00:24 +02:00
iptable_security.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_defrag_ipv4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_dup_ipv4.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
nf_flow_table_ipv4.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nf_log_arp.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-29 09:57:45 +01:00
nf_log_ipv4.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-29 09:57:45 +01:00
nf_nat_h323.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_pptp.c netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code 2020-06-03 08:21:35 +02:00
nf_nat_snmp_basic.asn1 netfilter: nf_nat_snmp_basic: use asn1 decoder library 2018-01-19 13:59:07 +01:00
nf_nat_snmp_basic_main.c netfilter: ipv4: prefer skb_ensure_writable 2019-05-31 18:02:46 +02:00
nf_reject_ipv4.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-11-18 19:20:17 +01:00
nf_socket_ipv4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_tproxy_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
nft_dup_ipv4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nft_fib_ipv4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nft_reject_ipv4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00