libnl3/libnl3-route-cls-fix-potential-memory-leak.patch

From 1ac40683a879a602dbf8c42372677fb94f958a7d Mon Sep 17 00:00:00 2001
From: Ilya Pronin <ipronin@twitter.com>
Date: Thu, 23 Aug 2018 16:12:25 -0700
Subject: [PATCH 73/76] route/cls: fix potential memory leak

rtnl_act_append() cannot add more than TCA_ACT_MAX_PRIO actions to the
same list. Because of that rtnl_basic_add_action() and
rtnl_u32_add_action() should not increment the reference counter of the
given action until it is successfully added to the filter's list.

Signed-off-by: Ilya Pronin <ipronin@twitter.com>

Fixes: e5d9b828f6ec64fd77854578fbf1c33f214f3ac4

https://github.com/thom311/libnl/pull/201
---
 lib/route/cls/basic.c | 6 +++++-
 lib/route/cls/u32.c   | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/route/cls/basic.c b/lib/route/cls/basic.c
index 912ded6..3581c60 100644
--- a/lib/route/cls/basic.c
+++ b/lib/route/cls/basic.c
@@ -220,6 +220,7 @@ struct rtnl_ematch_tree *rtnl_basic_get_ematch(struct rtnl_cls *cls)
 int rtnl_basic_add_action(struct rtnl_cls *cls, struct rtnl_act *act)
 {
 	struct rtnl_basic *b;
+	int err;
 
 	if (!act)
 		return 0;
@@ -228,9 +229,12 @@ int rtnl_basic_add_action(struct rtnl_cls *cls, struct rtnl_act *act)
 		return -NLE_NOMEM;
 
 	b->b_mask |= BASIC_ATTR_ACTION;
+	if ((err = rtnl_act_append(&b->b_act, act)))
+		return err;
+
 	/* In case user frees it */
 	rtnl_act_get(act);
-	return rtnl_act_append(&b->b_act, act);
+	return 0;
 }
 
 struct rtnl_act* rtnl_basic_get_action(struct rtnl_cls *cls)
diff --git a/lib/route/cls/u32.c b/lib/route/cls/u32.c
index 0078888..f06bc24 100644
--- a/lib/route/cls/u32.c
+++ b/lib/route/cls/u32.c
@@ -526,6 +526,7 @@ int rtnl_u32_set_cls_terminal(struct rtnl_cls *cls)
 int rtnl_u32_add_action(struct rtnl_cls *cls, struct rtnl_act *act)
 {
 	struct rtnl_u32 *u;
+	int err;
 
 	if (!act)
 		return 0;
@@ -534,9 +535,12 @@ int rtnl_u32_add_action(struct rtnl_cls *cls, struct rtnl_act *act)
 		return -NLE_NOMEM;
 
 	u->cu_mask |= U32_ATTR_ACTION;
+	if ((err = rtnl_act_append(&u->cu_act, act)))
+		return err;
+
 	/* In case user frees it */
 	rtnl_act_get(act);
-	return rtnl_act_append(&u->cu_act, act);
+	return 0;
 }
 
 struct rtnl_act* rtnl_u32_get_action(struct rtnl_cls *cls)
-- 
1.8.3.1
Package init 2019-09-30 10:57:19 -04:00			`From 1ac40683a879a602dbf8c42372677fb94f958a7d Mon Sep 17 00:00:00 2001`
			`From: Ilya Pronin <ipronin@twitter.com>`
			`Date: Thu, 23 Aug 2018 16:12:25 -0700`
			`Subject: [PATCH 73/76] route/cls: fix potential memory leak`

			`rtnl_act_append() cannot add more than TCA_ACT_MAX_PRIO actions to the`
			`same list. Because of that rtnl_basic_add_action() and`
			`rtnl_u32_add_action() should not increment the reference counter of the`
			`given action until it is successfully added to the filter's list.`

			`Signed-off-by: Ilya Pronin <ipronin@twitter.com>`

			`Fixes: e5d9b828f6ec64fd77854578fbf1c33f214f3ac4`

			`https://github.com/thom311/libnl/pull/201`
			`---`
			`lib/route/cls/basic.c \| 6 +++++-`
			`lib/route/cls/u32.c \| 6 +++++-`
			`2 files changed, 10 insertions(+), 2 deletions(-)`

			`diff --git a/lib/route/cls/basic.c b/lib/route/cls/basic.c`
			`index 912ded6..3581c60 100644`
			`--- a/lib/route/cls/basic.c`
			`+++ b/lib/route/cls/basic.c`
			`@@ -220,6 +220,7 @@ struct rtnl_ematch_tree rtnl_basic_get_ematch(struct rtnl_cls cls)`
			`int rtnl_basic_add_action(struct rtnl_cls cls, struct rtnl_act act)`
			`{`
			`struct rtnl_basic *b;`
			`+ int err;`

			`if (!act)`
			`return 0;`
			`@@ -228,9 +229,12 @@ int rtnl_basic_add_action(struct rtnl_cls cls, struct rtnl_act act)`
			`return -NLE_NOMEM;`

			`b->b_mask \|= BASIC_ATTR_ACTION;`
			`+ if ((err = rtnl_act_append(&b->b_act, act)))`
			`+ return err;`
			`+`
			`/* In case user frees it */`
			`rtnl_act_get(act);`
			`- return rtnl_act_append(&b->b_act, act);`
			`+ return 0;`
			`}`

			`struct rtnl_act* rtnl_basic_get_action(struct rtnl_cls *cls)`
			`diff --git a/lib/route/cls/u32.c b/lib/route/cls/u32.c`
			`index 0078888..f06bc24 100644`
			`--- a/lib/route/cls/u32.c`
			`+++ b/lib/route/cls/u32.c`
			`@@ -526,6 +526,7 @@ int rtnl_u32_set_cls_terminal(struct rtnl_cls *cls)`
			`int rtnl_u32_add_action(struct rtnl_cls cls, struct rtnl_act act)`
			`{`
			`struct rtnl_u32 *u;`
			`+ int err;`

			`if (!act)`
			`return 0;`
			`@@ -534,9 +535,12 @@ int rtnl_u32_add_action(struct rtnl_cls cls, struct rtnl_act act)`
			`return -NLE_NOMEM;`

			`u->cu_mask \|= U32_ATTR_ACTION;`
			`+ if ((err = rtnl_act_append(&u->cu_act, act)))`
			`+ return err;`
			`+`
			`/* In case user frees it */`
			`rtnl_act_get(act);`
			`- return rtnl_act_append(&u->cu_act, act);`
			`+ return 0;`
			`}`

			`struct rtnl_act* rtnl_u32_get_action(struct rtnl_cls *cls)`
			`--`
			`1.8.3.1`