summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorHarald Welte <laforge@netfilter.org>2005-11-03 21:05:37 +0300
committerArnaldo Carvalho de Melo <acme@mandriva.com>2005-11-05 08:28:37 +0300
commit0f81eb4db4f1cc560318b6e7762a7a1d7d8c7095 (patch)
treea65dfc0b6f5b4c8901f20b382dd00403f4d86099 /net
parentd2a7bb7141a1fac7b11523538b2d2407e928baeb (diff)
downloadlinux-0f81eb4db4f1cc560318b6e7762a7a1d7d8c7095.tar.xz
[NETFILTER]: Fix double free after netlink_unicast() in ctnetlink
It's not necessary to free skb if netlink_unicast() failed. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netlink.c19
1 files changed, 7 insertions, 12 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 166e6069f121..82a65043a8ef 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -815,7 +815,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
IPCTNL_MSG_CT_NEW, 1, ct);
ip_conntrack_put(ct);
if (err <= 0)
- goto out;
+ goto free;
err = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
if (err < 0)
@@ -824,9 +824,9 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
DEBUGP("leaving\n");
return 0;
+free:
+ kfree_skb(skb2);
out:
- if (skb2)
- kfree_skb(skb2);
return -1;
}
@@ -1322,21 +1322,16 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW,
1, exp);
if (err <= 0)
- goto out;
+ goto free;
ip_conntrack_expect_put(exp);
- err = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
- if (err < 0)
- goto free;
-
- return err;
+ return netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
+free:
+ kfree_skb(skb2);
out:
ip_conntrack_expect_put(exp);
-free:
- if (skb2)
- kfree_skb(skb2);
return err;
}