netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()

If there is no NFTA_OBJ_TABLE and NFTA_OBJ_TYPE, the c.data will be NULL in nf_tables_getobj(). So before free filter->table in nf_tables_dump_obj_done(), we need to check if filter is NULL first. Fixes: e46abbcc05aa ("netfilter: nf_tables: Allow table names of up to 255 chars") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Hangbin Liu 2017-12-25 04:34:54 +0100
committer: Pablo Neira Ayuso 2017-12-26 17:16:47 +0100
commit: 8bea728dce8972e534e6b99fd550f7b5cc3864e8 (patch)
tree: e09d0a4d6ad714406b026bb7f6eb28a80eff8071 /net/netfilter/nf_tables_api.c
parent: netfilter: uapi: correct UNTRACKED conntrack state bit number (diff)
download: kernel-qcow2-linux-8bea728dce8972e534e6b99fd550f7b5cc3864e8.tar.gz
kernel-qcow2-linux-8bea728dce8972e534e6b99fd550f7b5cc3864e8.tar.xz
kernel-qcow2-linux-8bea728dce8972e534e6b99fd550f7b5cc3864e8.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 8d4526651661..07bd4138c84e 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4665,8 +4665,10 @@ static int nf_tables_dump_obj_done(struct netlink_callback *cb)
 {
 	struct nft_obj_filter *filter = cb->data;
 
-	kfree(filter->table);
-	kfree(filter);
+	if (filter) {
+		kfree(filter->table);
+		kfree(filter);
+	}
 
 	return 0;
 }
author	Hangbin Liu	2017-12-25 04:34:54 +0100
committer	Pablo Neira Ayuso	2017-12-26 17:16:47 +0100
commit	8bea728dce8972e534e6b99fd550f7b5cc3864e8 (patch)
tree	e09d0a4d6ad714406b026bb7f6eb28a80eff8071 /net/netfilter/nf_tables_api.c
parent	netfilter: uapi: correct UNTRACKED conntrack state bit number (diff)
download	kernel-qcow2-linux-8bea728dce8972e534e6b99fd550f7b5cc3864e8.tar.gz kernel-qcow2-linux-8bea728dce8972e534e6b99fd550f7b5cc3864e8.tar.xz kernel-qcow2-linux-8bea728dce8972e534e6b99fd550f7b5cc3864e8.zip