[PATCH] Re: leak in bridge netfilter if skb traverses > 1 bridge

David Kimdon Wed, 23 Nov 2005 09:09:59 -0800

Indeed, as Herbert pointed out, no need to NULL the pointer, updated
patch follows.


Signed-off-by: David Kimdon <[EMAIL PROTECTED]>

        * net/bridge/br_netfilter.c (br_nf_pre_routing) : Call nf_bridge_put()
          before potentially allocating a new nf_bridge structure and
          overwriting the pointer to it.  This fixes a memory leak when the
          bridge topology allows for an skb to traverse more than one bridge.

--- linux-2.4.x/net/bridge/br_netfilter.c
+++ linux-2.4.x/net/bridge/br_netfilter.c
@@ -284,6 +284,7 @@
 #ifdef CONFIG_NETFILTER_DEBUG
        skb->nf_debug ^= (1 << NF_IP_PRE_ROUTING);
 #endif
+       nf_bridge_put(skb->nf_bridge);
        if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
                return NF_DROP;
 

-- 
David Kimdon                        (650) 829 2621
Devicescape Software
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] Re: leak in bridge netfilter if skb traverses > 1 bridge

Reply via email to