From 4ff5a8fbf62b75b17194a5cd324c08b8fa0f08bf Mon Sep 17 00:00:00 2001
From: Josh Hunt <johunt@akamai.com>
Date: Thu, 2 Aug 2012 00:07:42 +0200
Subject: [PATCH] TARPIT: fix memory leak when tarpit_generic() fails

Currently tarpit_generic() just returns on failure, but this does not
free nskb.

Signed-off-by: Josh Hunt <johunt@akamai.com>
---
 doc/changelog.txt      | 1 +
 extensions/xt_TARPIT.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/changelog.txt b/doc/changelog.txt
index 14db878..c4a7ead 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -3,6 +3,7 @@ HEAD
 ====
 Fixes:
 - length2, SYSRQ, RAWNAT: preinitialize values for ipv6_find_hdr
+- TARPIT: fix memory leak when tarpit_generic() fails
 
 
 v1.45 (2012-07-16)
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 58f12e4..0e66279 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -237,7 +237,7 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 	((u_int8_t *)tcph)[13] = 0;
 
 	if (!tarpit_generic(tcph, oth, payload, mode))
-		return;
+		goto free_nskb;
 
 	/* Adjust TCP checksum */
 	tcph->check = 0;
@@ -398,7 +398,7 @@ static void tarpit_tcp6(struct sk_buff *oldskb, unsigned int hook,
 
 	payload = nskb->len - sizeof(struct ipv6hdr) - sizeof(struct tcphdr);
 	if (!tarpit_generic(&oth, tcph, payload, mode))
-		return;
+		goto free_nskb;
 
 	ip6h->payload_len = htons(sizeof(struct tcphdr));
 	tcph->check = 0;