diff options
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_snmp_basic.c | 31 |
1 files changed, 11 insertions, 20 deletions
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index d9521f6f9ed0..0b9c7ce3d6c5 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c | |||
| @@ -1038,7 +1038,7 @@ static int snmp_parse_mangle(unsigned char *msg, | |||
| 1038 | unsigned int cls, con, tag, vers, pdutype; | 1038 | unsigned int cls, con, tag, vers, pdutype; |
| 1039 | struct asn1_ctx ctx; | 1039 | struct asn1_ctx ctx; |
| 1040 | struct asn1_octstr comm; | 1040 | struct asn1_octstr comm; |
| 1041 | struct snmp_object **obj; | 1041 | struct snmp_object *obj; |
| 1042 | 1042 | ||
| 1043 | if (debug > 1) | 1043 | if (debug > 1) |
| 1044 | hex_dump(msg, len); | 1044 | hex_dump(msg, len); |
| @@ -1148,43 +1148,34 @@ static int snmp_parse_mangle(unsigned char *msg, | |||
| 1148 | if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) | 1148 | if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) |
| 1149 | return 0; | 1149 | return 0; |
| 1150 | 1150 | ||
| 1151 | obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC); | ||
| 1152 | if (obj == NULL) { | ||
| 1153 | if (net_ratelimit()) | ||
| 1154 | printk(KERN_WARNING "OOM in bsalg(%d)\n", __LINE__); | ||
| 1155 | return 0; | ||
| 1156 | } | ||
| 1157 | |||
| 1158 | while (!asn1_eoc_decode(&ctx, eoc)) { | 1151 | while (!asn1_eoc_decode(&ctx, eoc)) { |
| 1159 | unsigned int i; | 1152 | unsigned int i; |
| 1160 | 1153 | ||
| 1161 | if (!snmp_object_decode(&ctx, obj)) { | 1154 | if (!snmp_object_decode(&ctx, &obj)) { |
| 1162 | if (*obj) { | 1155 | if (obj) { |
| 1163 | kfree((*obj)->id); | 1156 | kfree(obj->id); |
| 1164 | kfree(*obj); | 1157 | kfree(obj); |
| 1165 | } | 1158 | } |
| 1166 | kfree(obj); | ||
| 1167 | return 0; | 1159 | return 0; |
| 1168 | } | 1160 | } |
| 1169 | 1161 | ||
| 1170 | if (debug > 1) { | 1162 | if (debug > 1) { |
| 1171 | printk(KERN_DEBUG "bsalg: object: "); | 1163 | printk(KERN_DEBUG "bsalg: object: "); |
| 1172 | for (i = 0; i < (*obj)->id_len; i++) { | 1164 | for (i = 0; i < obj->id_len; i++) { |
| 1173 | if (i > 0) | 1165 | if (i > 0) |
| 1174 | printk("."); | 1166 | printk("."); |
| 1175 | printk("%lu", (*obj)->id[i]); | 1167 | printk("%lu", obj->id[i]); |
| 1176 | } | 1168 | } |
| 1177 | printk(": type=%u\n", (*obj)->type); | 1169 | printk(": type=%u\n", obj->type); |
| 1178 | 1170 | ||
| 1179 | } | 1171 | } |
| 1180 | 1172 | ||
| 1181 | if ((*obj)->type == SNMP_IPADDR) | 1173 | if (obj->type == SNMP_IPADDR) |
| 1182 | mangle_address(ctx.begin, ctx.pointer - 4 , map, check); | 1174 | mangle_address(ctx.begin, ctx.pointer - 4 , map, check); |
| 1183 | 1175 | ||
| 1184 | kfree((*obj)->id); | 1176 | kfree(obj->id); |
| 1185 | kfree(*obj); | 1177 | kfree(obj); |
| 1186 | } | 1178 | } |
| 1187 | kfree(obj); | ||
| 1188 | 1179 | ||
| 1189 | if (!asn1_eoc_decode(&ctx, eoc)) | 1180 | if (!asn1_eoc_decode(&ctx, eoc)) |
| 1190 | return 0; | 1181 | return 0; |