[NETFILTER] ctnetlink: Fix refcount leak ip_conntrack/nat_proto

Remove proto == NULL checking since ip_conntrack_[nat_]proto_find_get always returns a valid pointer. Fix missing ip_conntrack_proto_put in some paths. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2005-11-22 17:54:34 -0500
committer: David S. Miller <davem@davemloft.net> 2005-11-22 17:54:34 -0500
commit: 00cb277a4a1fb76aafb2fb28aa99f30546e619c5 (patch)
tree: 8ea9a2434eb55d2ff60bbff3dbc85817a7607493
parent: 0ff60a45678e67b2547256a636fd00c1667ce4fa (diff)
1 files changed, 12 insertions, 12 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index de9f446443..6c18a2b6d5 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -59,11 +59,13 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb,
        NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
+        /* If no protocol helper is found, this function will return the
+         * generic protocol helper, so proto won't *ever* be NULL */
        proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
-        if (likely(proto && proto->tuple_to_nfattr)) {
+        if (likely(proto->tuple_to_nfattr))
                ret = proto->tuple_to_nfattr(skb, tuple);
-                ip_conntrack_proto_put(proto);
+        
-        }
+        ip_conntrack_proto_put(proto);
        return ret;
@@ -128,9 +130,11 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
        struct nfattr *nest_proto;
        int ret;
-        
-        if (!proto || !proto->to_nfattr)
+        if (!proto->to_nfattr) {
+                ip_conntrack_proto_put(proto);
                return 0;
+        }
        
        nest_proto = NFA_NEST(skb, CTA_PROTOINFO);
@@ -527,10 +531,10 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr,
        proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
-        if (likely(proto && proto->nfattr_to_tuple)) {
+        if (likely(proto->nfattr_to_tuple))
                ret = proto->nfattr_to_tuple(tb, tuple);
-                ip_conntrack_proto_put(proto);
+        
-        }
+        ip_conntrack_proto_put(proto);
        
        return ret;
 }
@@ -596,8 +600,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
                return -EINVAL;
        npt = ip_nat_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum);
-        if (!npt)
-                return 0;
        if (!npt->nfattr_to_range) {
                ip_nat_proto_put(npt);
@@ -957,8 +959,6 @@ ctnetlink_change_protoinfo(struct ip_conntrack *ct, struct nfattr *cda[])
        nfattr_parse_nested(tb, CTA_PROTOINFO_MAX, attr);
        proto = ip_conntrack_proto_find_get(npt);
-        if (!proto)
-                return -EINVAL;
        if (proto->from_nfattr)
                err = proto->from_nfattr(tb, ct);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2005-11-22 17:54:34 -0500
committer	David S. Miller <davem@davemloft.net>	2005-11-22 17:54:34 -0500
commit	00cb277a4a1fb76aafb2fb28aa99f30546e619c5 (patch)
tree	8ea9a2434eb55d2ff60bbff3dbc85817a7607493
parent	0ff60a45678e67b2547256a636fd00c1667ce4fa (diff)

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index de9f446443..6c18a2b6d5 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -59,11 +59,13 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb,
59		59
60	NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);	60	NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
61		61
		62	/* If no protocol helper is found, this function will return the
		63	* generic protocol helper, so proto won't ever be NULL */
62	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);	64	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
63	if (likely(proto && proto->tuple_to_nfattr)) {	65	if (likely(proto->tuple_to_nfattr))
64	ret = proto->tuple_to_nfattr(skb, tuple);	66	ret = proto->tuple_to_nfattr(skb, tuple);
65	ip_conntrack_proto_put(proto);	67
66	}	68	ip_conntrack_proto_put(proto);
67		69
68	return ret;	70	return ret;
69		71
@@ -128,9 +130,11 @@ ctnetlink_dump_protoinfo(struct sk_buff skb, const struct ip_conntrack ct)
128		130
129	struct nfattr *nest_proto;	131	struct nfattr *nest_proto;
130	int ret;	132	int ret;
131		133
132	if (!proto \|\| !proto->to_nfattr)	134	if (!proto->to_nfattr) {
		135	ip_conntrack_proto_put(proto);
133	return 0;	136	return 0;
		137	}
134		138
135	nest_proto = NFA_NEST(skb, CTA_PROTOINFO);	139	nest_proto = NFA_NEST(skb, CTA_PROTOINFO);
136		140
@@ -527,10 +531,10 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr,
527		531
528	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);	532	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
529		533
530	if (likely(proto && proto->nfattr_to_tuple)) {	534	if (likely(proto->nfattr_to_tuple))
531	ret = proto->nfattr_to_tuple(tb, tuple);	535	ret = proto->nfattr_to_tuple(tb, tuple);
532	ip_conntrack_proto_put(proto);	536
533	}	537	ip_conntrack_proto_put(proto);
534		538
535	return ret;	539	return ret;
536	}	540	}
@@ -596,8 +600,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
596	return -EINVAL;	600	return -EINVAL;
597		601
598	npt = ip_nat_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum);	602	npt = ip_nat_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum);
599	if (!npt)
600	return 0;
601		603
602	if (!npt->nfattr_to_range) {	604	if (!npt->nfattr_to_range) {
603	ip_nat_proto_put(npt);	605	ip_nat_proto_put(npt);
@@ -957,8 +959,6 @@ ctnetlink_change_protoinfo(struct ip_conntrack ct, struct nfattr cda[])
957	nfattr_parse_nested(tb, CTA_PROTOINFO_MAX, attr);	959	nfattr_parse_nested(tb, CTA_PROTOINFO_MAX, attr);
958		960
959	proto = ip_conntrack_proto_find_get(npt);	961	proto = ip_conntrack_proto_find_get(npt);
960	if (!proto)
961	return -EINVAL;
962		962
963	if (proto->from_nfattr)	963	if (proto->from_nfattr)
964	err = proto->from_nfattr(tb, ct);	964	err = proto->from_nfattr(tb, ct);