netfilter: Fix memory leak in nf_register_net_hook

In the rare case that when it is a attempted to use a per network device netfilter hook and the network device does not exist the newly allocated structure can leak. Be a good citizen and free the newly allocated structure in the error handling code. Fixes: 085db2c04557 ("netfilter: Per network namespace netfilter hooks.") Reported-by: kbuild@01.org Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Eric W. Biederman <ebiederm@xmission.com> 2015-07-18 10:21:14 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-07-20 09:15:50 +0200
commit: e317fa505dcdfa25f0e4c888f991eb7fd1562e1e (patch)
tree: 0ef02978e3d358a01d75109ca55f80f23d9bf643 /net
parent: 6c7941dee9c41d6ab5a8be06ec44aa579a6123e1 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 6896cee8b733..87d237d20870 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -96,8 +96,10 @@ int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg)
 	new->priority = reg->priority;
 
 	nf_hook_list = find_nf_hook_list(net, reg);
-	if (!nf_hook_list)
+	if (!nf_hook_list) {
+		kfree(new);
 		return -ENOENT;
+	}
 
 	mutex_lock(&nf_hook_mutex);
 	list_for_each_entry(elem, nf_hook_list, list) {
author	Eric W. Biederman <ebiederm@xmission.com>	2015-07-18 10:21:14 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-07-20 09:15:50 +0200
commit	e317fa505dcdfa25f0e4c888f991eb7fd1562e1e (patch)
tree	0ef02978e3d358a01d75109ca55f80f23d9bf643 /net
parent	6c7941dee9c41d6ab5a8be06ec44aa579a6123e1 (diff)