add patches
parent
0032df1040
commit
5ea9655765
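--- /dev/null
+++ b/conntrack-tools-1.4.4-free-pktb-after-use.patch
@@ -0,0 +1,29 @@
+From 832166dc4780e259424ebab07b42ecf42cde6fe3 Mon Sep 17 00:00:00 2001
+From: Kevin Cernekee <cernekee@chromium.org>
+Date: Fri, 27 Jan 2017 12:38:46 -0800
+Subject: conntrackd: cthelper: Free pktb after use
+
+According to valgrind, this currently leaks ~512B to 2kB for each
+packet sent to the userspace helper.
+
+Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+src/cthelper.c | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/src/cthelper.c b/src/cthelper.c
+index 54eb830..f01c509 100644
+--- a/src/cthelper.c
++++ b/src/cthelper.c
+@@ -325,6 +325,7 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
+if (pkt_verdict_issue(helper, myct, queue_num, id, verdict, pktb) < 0)
+goto err4;
+
++ pktb_free(pktb);
+nfct_destroy(ct);
+if (myct->exp != NULL)
+nfexp_destroy(myct->exp);
+--
+cgit v0.12
+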
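Review bot: The added `pktb_free(pktb);` in nfq_queue_cb covers only the success path; the `goto err4` directly above it is the other exit taken while pktb is still allocated, and the err4 label lies outside this hunk. If err4 does not release the buffer itself, a failing pkt_verdict_issue() still leaks one buffer per packet, and because this callback runs for every packet queued to the userspace helper, that growth is driven by network traffic and can exhaust the daemon's memory. Please confirm that the error path also ends in `pktb_free(pktb);` before treating this patch as the complete fix. The placement after pkt_verdict_issue() looks right, since that call still receives pktb, and none of the visible lines after the free use it.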
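--- /dev/null
+++ b/conntrack-tools-1.4.4-nat_tuple-leak.patch
@@ -0,0 +1,57 @@
+From 1ba5e76a368aeb9fe17d3b691df4faa0dadc4523 Mon Sep 17 00:00:00 2001
+From: Kevin Cernekee <cernekee@chromium.org>
+Date: Thu, 26 Jan 2017 16:44:24 -0800
+Subject: conntrackd: cthelper: Don't leak nat_tuple
+
+nfexp_set_attr() copies |nat_tuple| rather than taking ownership, so
+it should be freed at the end of the loop. Some of the other helpers
+(like rpc.c) do this, but it is missing here.
+
+Reported-by: Eric Caruso <ejcaruso@chromium.org>
+Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+src/helpers/amanda.c | 1 +
+src/helpers/ftp.c | 1 +
+src/helpers/tftp.c | 1 +
+3 files changed, 3 insertions(+)
+
+diff --git a/src/helpers/amanda.c b/src/helpers/amanda.c
+index 9e6c4e7..faee1cd 100644
+--- a/src/helpers/amanda.c
++++ b/src/helpers/amanda.c
+@@ -75,6 +75,7 @@ static int nat_amanda(struct pkt_buff *pkt, uint32_t ctinfo,
+break;
+}
+}
++ nfct_destroy(nat_tuple);
+
+if (port == 0) {
+pr_debug("all ports in use\n");
+diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
+index 27ab5eb..c3aa284 100644
+--- a/src/helpers/ftp.c
++++ b/src/helpers/ftp.c
+@@ -423,6 +423,7 @@ static unsigned int nf_nat_ftp(struct pkt_buff *pkt,
+break;
+}
+}
++ nfct_destroy(nat_tuple);
+
+if (port == 0)
+return NF_DROP;
+diff --git a/src/helpers/tftp.c b/src/helpers/tftp.c
+index 45591c6..70dd28a 100644
+--- a/src/helpers/tftp.c
++++ b/src/helpers/tftp.c
+@@ -65,6 +65,7 @@ static unsigned int nat_tftp(struct pkt_buff *pkt, uint32_t ctinfo,
+nfexp_set_attr_u32(exp, ATTR_EXP_NAT_DIR, MYCT_DIR_REPL);
+nfexp_set_attr(exp, ATTR_EXP_FN, "nat-follow-master");
+nfexp_set_attr(exp, ATTR_EXP_NAT_TUPLE, nat_tuple);
++ nfct_destroy(nat_tuple);
+
+return NF_ACCEPT;
+}
+--
+cgit v0.12
+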
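Review bot: In the amanda.c and ftp.c hunks `nfct_destroy(nat_tuple);` sits after the port-search loop, so it runs only if every exit from that loop is a `break`. The loop bodies and the allocation of nat_tuple are outside the hunks, so it is worth checking that no `return` between the allocation and this line skips the free. The ownership rule that makes the destroy safe (nfexp_set_attr() copies the tuple rather than taking it) is stated only in the commit message. I would put it next to the call in all three helpers, for example `/* nfexp_set_attr() copied nat_tuple into exp; release our own copy */`, so the line is not later mistaken for a double free and removed. After the call nat_tuple is dangling, so the remainder of nat_amanda and nf_nat_ftp, which continues past the hunks, must not touch it.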