pknock: avoid crash on memory allocation failure and fix memleak

If rule->peer_head==NULL due to an unsuccessful allocation, peer_gc (and perhaps other places) may crash when they try to access it. Since I see no deferred retry for allocation, the only option is to fail in add_rule, clean it up, and return false instead. Independent of that problem, it also needs to free peer_head in case the status_proc allocation fails.
2025-09-08 05:34:58 +02:00 · 2009-10-07 00:59:37 +02:00
parent 204b612e23
commit 8e812620f0
1 changed files with 7 additions and 5 deletions
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
@@ -451,17 +451,15 @@ add_rule(struct xt_pknock_mtinfo *info)
 	rule->max_time	= info->max_time;
 	rule->peer_head = alloc_hashtable(peer_hashsize);
 	if (rule->peer_head == NULL)
-		return false;
+		goto out;

 	init_timer(&rule->timer);
 	rule->timer.function	= peer_gc;
 	rule->timer.data	= (unsigned long)rule;

 	rule->status_proc = create_proc_entry(info->rule_name, 0, pde);
-	if (rule->status_proc == NULL) {
-                kfree(rule);
-                return false;
-	}
+	if (rule->status_proc == NULL)
+		goto out;

 	rule->status_proc->proc_fops = &pknock_proc_ops;
 	rule->status_proc->data = rule;
@@ -469,6 +467,10 @@ add_rule(struct xt_pknock_mtinfo *info)
 	list_add(&rule->head, &rule_hashtable[hash]);
 	pr_debug("(A) rule_name: %s - created.\n", rule->rule_name);
 	return true;
+ out:
+	kfree(rule->peer_head);
+	kfree(rule);
+	return false;
 }

 /**