diff mbox series

AW: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow

Message ID b9c2377849aa4ac38ab0306589eb22d2@bfs.de (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers
Headers show
Series AW: [PATCH][next] netfilter: nf_tables: Fix dereference of null pointer flow | expand

Checks

Context Check Description
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

Walter Harms June 25, 2021, 10:06 a.m. UTC 
hi Colin,
most free_something_functions accept NULL
these days, perhaps it would be more efficient
to add a check in nft_flow_rule_destroy().
There is a chance that this will catch the same
mistake in future  also.

jm2c,
re,
 wh

Comments

Pablo Neira Ayuso June 25, 2021, 10:21 a.m. UTC | #1 
On Fri, Jun 25, 2021 at 10:06:26AM +0000, Walter Harms wrote:
> hi Colin,
> most free_something_functions accept NULL
> these days, perhaps it would be more efficient
> to add a check in nft_flow_rule_destroy().
> There is a chance that this will catch the same
> mistake in future  also.

I'm fine with Colin patch.

Thanks.
diff mbox series

Patch

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 390d4466567f..de182d1f7c4e 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3446,7 +3446,8 @@  static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
        return 0;

 err_destroy_flow_rule:
-       nft_flow_rule_destroy(flow);
+       if (flow)
+               nft_flow_rule_destroy(flow);
 err_release_rule:
        nf_tables_rule_release(&ctx, rule);
 err_release_expr: