[NETFILTER]: ctnetlink: fix reference count leak

When NFA_NEST exceeds the skb size the protocol reference is leaked.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 262d0d44ec1b5924aff8a3d7efe4ec6a1fbb2733..55f0ae64108157d6a9a8380d0cf46d6f08bd43c1 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -153,6 +153,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
        return ret;
 
 nfattr_failure:
+       ip_conntrack_proto_put(proto);
        return -1;
 }
 

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 77a46eef66c195237ba075472b4e28bdeb1e459f..ab67c2be2b5dee92d2f8a4719c648110d173eb35 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -161,6 +161,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct)
        return ret;
 
 nfattr_failure:
+       nf_ct_proto_put(proto);
        return -1;
 }