kernel / kernel-source

Clone
Source Code
GIT

Files

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   SLE12-SP5
  2.   patches.suse
  3.   netfilter-ctnetlink-fix-possible-refcount-leak-in-ct.patch
Blob Blame History Raw 
From: Hangyu Hua <hbh25y@gmail.com>
Date: Fri, 10 Feb 2023 15:17:30 +0800
Subject: netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
Patch-mainline: v6.3-rc1
Git-commit: ac4893980bbe79ce383daf9a0885666a30fe4c83
References: CVE-2023-7192 bsc#1218479

nf_ct_put() needs to be called to put the refcount got by
nf_conntrack_find_get() to avoid refcount leak when
nf_conntrack_hash_check_insert() fails.

Fixes: 7d367e06688d ("netfilter: ctnetlink: fix soft lockup when netlink adds new entries (v2)")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>

---
 net/netfilter/nf_conntrack_netlink.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1892,12 +1892,15 @@ ctnetlink_create_conntrack(struct net *net,
 
 	err = nf_conntrack_hash_check_insert(ct);
 	if (err < 0)
-		goto err2;
+		goto err3;
 
 	rcu_read_unlock();
 
 	return ct;
 
+err3:
+	if (ct->master)
+		nf_ct_put(ct->master);
 err2:
 	rcu_read_unlock();
 err1:
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.