From: Florian Westphal Date: Tue, 20 Sep 2022 12:20:17 +0000 (+0200) Subject: netfilter: ebtables: fix memory leak when blob is malformed X-Git-Tag: v6.6.17~6602^2~14^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=62ce44c4fff947eebdf10bb582267e686e6835c9;p=platform%2Fkernel%2Flinux-rpi.git netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" embedded into the conditional, restore this. Fixes: 7997eff82828 ("netfilter: ebtables: reject blobs that don't provide all entry points") Reported-and-tested-by: syzbot+a24c5252f3e3ab733464@syzkaller.appspotmail.com Signed-off-by: Florian Westphal --- diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 9a0ae59..4f385d5 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1040,8 +1040,10 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl, goto free_iterate; } - if (repl->valid_hooks != t->valid_hooks) + if (repl->valid_hooks != t->valid_hooks) { + ret = -EINVAL; goto free_unlock; + } if (repl->num_counters && repl->num_counters != t->private->nentries) { ret = -EINVAL;