netfilter: xt_hashlimit: fix a possible memory leak in htable_create()

[ Upstream commit b4e955e9f372035361fbc6f07b21fe2cc6a5be4a ]

In the htable_create(), hinfo is allocated by vmalloc()
So that if error occurred, hinfo should be freed.

Fixes: 11d5f15723c9 ("netfilter: xt_hashlimit: Create revision 2 to support higher pps rates")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 0c034597b9b870b1f45d2ce4da44a9b5a432157a..fe8e8a1622b59f3986a1cc65ba569a521b09f762 100644 (file)
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -295,9 +295,10 @@ static int htable_create(struct net *net, struct hashlimit_cfg3 *cfg,
 
        /* copy match config into hashtable config */
        ret = cfg_copy(&hinfo->cfg, (void *)cfg, 3);
-
-       if (ret)
+       if (ret) {
+               vfree(hinfo);
                return ret;
+       }
 
        hinfo->cfg.size = size;
        if (hinfo->cfg.max == 0)
@@ -814,7 +815,6 @@ hashlimit_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
        int ret;
 
        ret = cfg_copy(&cfg, (void *)&info->cfg, 1);
-
        if (ret)
                return ret;
 
@@ -830,7 +830,6 @@ hashlimit_mt_v2(const struct sk_buff *skb, struct xt_action_param *par)
        int ret;
 
        ret = cfg_copy(&cfg, (void *)&info->cfg, 2);
-
        if (ret)
                return ret;
 
@@ -920,7 +919,6 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
                return ret;
 
        ret = cfg_copy(&cfg, (void *)&info->cfg, 1);
-
        if (ret)
                return ret;
 
@@ -939,7 +937,6 @@ static int hashlimit_mt_check_v2(const struct xt_mtchk_param *par)
                return ret;
 
        ret = cfg_copy(&cfg, (void *)&info->cfg, 2);
-
        if (ret)
                return ret;