mirror of
https://github.com/hanwckf/immortalwrt-mt798x.git
synced 2025-01-08 10:23:47 +08:00
[Description]
Fix possibly null pointer and memory leak. When skb_headroom(skb) < FOE_INFO_LEN, it means that hnat headroom of the message is incomplete and may have been truncated by other functions. HNAT should return and not relalloc skb. If without the patch, may met NULL pointer and memory leak issue. [Release-log] N/A Change-Id: I490191fa2be5fd1d664b228ef7c97951d0efe036 Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/7694271
This commit is contained in:
parent
1157c56596
commit
46fcd1ca5b
@ -2333,28 +2333,20 @@ static unsigned int
|
||||
mtk_hnat_ipv4_nf_local_out(void *priv, struct sk_buff *skb,
|
||||
const struct nf_hook_state *state)
|
||||
{
|
||||
struct sk_buff *new_skb;
|
||||
struct foe_entry *entry;
|
||||
struct iphdr *iph;
|
||||
|
||||
if (!is_magic_tag_valid(skb))
|
||||
return NF_ACCEPT;
|
||||
|
||||
if (unlikely(skb_headroom(skb) < FOE_INFO_LEN))
|
||||
return NF_ACCEPT;
|
||||
|
||||
if (!skb_hnat_is_hashed(skb))
|
||||
return NF_ACCEPT;
|
||||
|
||||
entry = &hnat_priv->foe_table_cpu[skb_hnat_ppe(skb)][skb_hnat_entry(skb)];
|
||||
|
||||
if (unlikely(skb_headroom(skb) < FOE_INFO_LEN)) {
|
||||
new_skb = skb_realloc_headroom(skb, FOE_INFO_LEN);
|
||||
if (!new_skb) {
|
||||
dev_info(hnat_priv->dev, "%s:drop\n", __func__);
|
||||
return NF_DROP;
|
||||
}
|
||||
dev_kfree_skb(skb);
|
||||
skb = new_skb;
|
||||
}
|
||||
|
||||
/* Make the flow from local not be bound. */
|
||||
iph = ip_hdr(skb);
|
||||
if (iph->protocol == IPPROTO_IPV6) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user