From 8e812620f04e639d44024d8d8212de94cb6dee9a Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Wed, 7 Oct 2009 00:59:37 +0200
Subject: [PATCH] pknock: avoid crash on memory allocation failure and fix memleak

If rule->peer_head==NULL due to an unsuccessful allocation, peer_gc (and perhaps other places) may crash when they try to access it. Since I see no deferred retry for allocation, the only option is to fail in add_rule, clean it up, and return false instead. Independent of that problem, it also needs to free peer_head in case the status_proc allocation fails.
---
extensions/xt_pknock.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c
index bb65312..394a45e 100644
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
@@ -451,17 +451,15 @@ add_rule(struct xt_pknock_mtinfo *info)
 rule->max_time = info->max_time;
 rule->peer_head = alloc_hashtable(peer_hashsize);
 if (rule->peer_head == NULL)
- return false;
+ goto out;
 init_timer(&rule->timer);
 rule->timer.function = peer_gc;
 rule->timer.data = (unsigned long)rule;
 rule->status_proc = create_proc_entry(info->rule_name, 0, pde);
- if (rule->status_proc == NULL) {
- kfree(rule);
- return false;
- }
+ if (rule->status_proc == NULL)
+ goto out;
 rule->status_proc->proc_fops = &pknock_proc_ops;
 rule->status_proc->data = rule;
@@ -469,6 +467,10 @@ add_rule(struct xt_pknock_mtinfo *info)
 list_add(&rule->head, &rule_hashtable[hash]);
 pr_debug("(A) rule_name: %s - created.\n", rule->rule_name);
 return true;
+ out:
+ kfree(rule->peer_head);
+ kfree(rule);
+ return false;
 }
 /**
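Review bot: The context lines after the second `goto out` still publish the proc entry before it is fully set up: `create_proc_entry()` makes the file visible, and only the two statements that follow assign `proc_fops` and `data`, so a reader that opens the entry in that window could reach it without the rule pointer. If the kernels this module supports provide it, `rule->status_proc = proc_create_data(info->rule_name, 0, pde, &pknock_proc_ops, rule);` closes the window and leaves the new `goto out` check as it is. add_rule starts before this hunk, so whether locking elsewhere already covers this cannot be confirmed from here.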
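Review bot: The new `out:` path releases `rule->peer_head` with `kfree()`, which is only correct if `alloc_hashtable()` obtains the table from the kmalloc family; that helper is not visible in this patch and should be checked, along with the rule-removal path releasing the table the same way. The first `goto out` reaches the label with `peer_head == NULL`, which works only because kfree(NULL) is a no-op; a comment above the call such as `/* peer_head may be NULL here; kfree() accepts that */` would keep a later edit from adding a dereference to this path. As far as the hunks show, the timer is initialised but not armed before either jump, so no timer teardown appears to be needed here.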