diff options
| author | Julia Lawall <julia@diku.dk> | 2010-01-04 09:21:31 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-01-04 09:21:31 -0500 |
| commit | 71c3ebfdb27b50dcaef38b6f70da82b9142c5fb6 (patch) | |
| tree | 06363bb4142abdf0c308b60198d23f2849a7355d /net/ipv4 | |
| parent | ceba0b29e002e6151b6b5ead8db9c664b58d8d21 (diff) | |
netfilter: SNMP NAT: correct the size argument to kzalloc
obj has type struct snmp_object **, not struct snmp_object *. But indeed
it is not even clear why kmalloc is needed. The memory is freed by the end
of the function, so the local variable of pointer type should be sufficient.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@disable sizeof_type_expr@
type T;
T **x;
@@
x =
<+...sizeof(
- T
+ *x
)...+>
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_snmp_basic.c | 31 |
1 files changed, 11 insertions, 20 deletions
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index d9521f6f9ed0..0b9c7ce3d6c5 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c | |||
| @@ -1038,7 +1038,7 @@ static int snmp_parse_mangle(unsigned char *msg, | |||
| 1038 | unsigned int cls, con, tag, vers, pdutype; | 1038 | unsigned int cls, con, tag, vers, pdutype; |
| 1039 | struct asn1_ctx ctx; | 1039 | struct asn1_ctx ctx; |
| 1040 | struct asn1_octstr comm; | 1040 | struct asn1_octstr comm; |
| 1041 | struct snmp_object **obj; | 1041 | struct snmp_object *obj; |
| 1042 | 1042 | ||
| 1043 | if (debug > 1) | 1043 | if (debug > 1) |
| 1044 | hex_dump(msg, len); | 1044 | hex_dump(msg, len); |
| @@ -1148,43 +1148,34 @@ static int snmp_parse_mangle(unsigned char *msg, | |||
| 1148 | if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) | 1148 | if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) |
| 1149 | return 0; | 1149 | return 0; |
| 1150 | 1150 | ||
| 1151 | obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC); | ||
| 1152 | if (obj == NULL) { | ||
| 1153 | if (net_ratelimit()) | ||
| 1154 | printk(KERN_WARNING "OOM in bsalg(%d)\n", __LINE__); | ||
| 1155 | return 0; | ||
| 1156 | } | ||
| 1157 | |||
| 1158 | while (!asn1_eoc_decode(&ctx, eoc)) { | 1151 | while (!asn1_eoc_decode(&ctx, eoc)) { |
| 1159 | unsigned int i; | 1152 | unsigned int i; |
| 1160 | 1153 | ||
| 1161 | if (!snmp_object_decode(&ctx, obj)) { | 1154 | if (!snmp_object_decode(&ctx, &obj)) { |
| 1162 | if (*obj) { | 1155 | if (obj) { |
| 1163 | kfree((*obj)->id); | 1156 | kfree(obj->id); |
| 1164 | kfree(*obj); | 1157 | kfree(obj); |
| 1165 | } | 1158 | } |
| 1166 | kfree(obj); | ||
| 1167 | return 0; | 1159 | return 0; |
| 1168 | } | 1160 | } |
| 1169 | 1161 | ||
| 1170 | if (debug > 1) { | 1162 | if (debug > 1) { |
| 1171 | printk(KERN_DEBUG "bsalg: object: "); | 1163 | printk(KERN_DEBUG "bsalg: object: "); |
| 1172 | for (i = 0; i < (*obj)->id_len; i++) { | 1164 | for (i = 0; i < obj->id_len; i++) { |
| 1173 | if (i > 0) | 1165 | if (i > 0) |
| 1174 | printk("."); | 1166 | printk("."); |
| 1175 | printk("%lu", (*obj)->id[i]); | 1167 | printk("%lu", obj->id[i]); |
| 1176 | } | 1168 | } |
| 1177 | printk(": type=%u\n", (*obj)->type); | 1169 | printk(": type=%u\n", obj->type); |
| 1178 | 1170 | ||
| 1179 | } | 1171 | } |
| 1180 | 1172 | ||
| 1181 | if ((*obj)->type == SNMP_IPADDR) | 1173 | if (obj->type == SNMP_IPADDR) |
| 1182 | mangle_address(ctx.begin, ctx.pointer - 4 , map, check); | 1174 | mangle_address(ctx.begin, ctx.pointer - 4 , map, check); |
| 1183 | 1175 | ||
| 1184 | kfree((*obj)->id); | 1176 | kfree(obj->id); |
| 1185 | kfree(*obj); | 1177 | kfree(obj); |
| 1186 | } | 1178 | } |
| 1187 | kfree(obj); | ||
| 1188 | 1179 | ||
| 1189 | if (!asn1_eoc_decode(&ctx, eoc)) | 1180 | if (!asn1_eoc_decode(&ctx, eoc)) |
| 1190 | return 0; | 1181 | return 0; |