netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()

Syzbot detected a leak in nf_tables_parse_netdev_hooks(). If the hook already exists, then the error handling doesn't free the newest "hook". Reported-by: syzbot+f9d4095107fc8749c69c@syzkaller.appspotmail.com Fixes: b75a3e8371bc ("netfilter: nf_tables: allow netdevice to be used only once per flowtable") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Dan Carpenter <dan.carpenter@oracle.com> 2020-01-16 13:09:31 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-01-16 14:22:32 +0100
commit: cd77e75b5e4632d05d61fec5383052713c8ede2b (patch)
tree: 71683e0bc3c4cc4fb380baa4101c12d95ffcf816 /net
parent: 9332d27d7918182add34e8043f6a754530fdd022 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b3692458d428..896a6e8aff91 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1680,6 +1680,7 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
 			goto err_hook;
 		}
 		if (nft_hook_list_find(hook_list, hook)) {
+			kfree(hook);
 			err = -EEXIST;
 			goto err_hook;
 		}
author	Dan Carpenter <dan.carpenter@oracle.com>	2020-01-16 13:09:31 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-01-16 14:22:32 +0100
commit	cd77e75b5e4632d05d61fec5383052713c8ede2b (patch)
tree	71683e0bc3c4cc4fb380baa4101c12d95ffcf816 /net
parent	9332d27d7918182add34e8043f6a754530fdd022 (diff)