[NETFILTER]: nfnetlink_log: fix reference counting

Fix reference counting (memory leak) problem in __nfulnl_send() and callers related to packet queueing. Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

[NETFILTER]: nfnetlink_log: fix reference counting
Fix reference counting (memory leak) problem in __nfulnl_send() and callers related to packet queueing. Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
b4d6202b · Michal Miroslaw · David S. Miller · 7d90e86d · b4d6202b
Commit b4d6202b authored Mar 04, 2007 by Michal Miroslaw Committed by David S. Miller Mar 05, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

net/netfilter/nfnetlink_log.c net/netfilter/nfnetlink_log.c +6 -3

No files found.
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -218,6 +218,9 @@ _instance_destroy2(struct nfulnl_instance *inst, int lock)
 	spin_lock_bh(&inst->lock);
 	if (inst->skb) {
+		/* timer "holds" one reference (we have one more) */
+		if (del_timer(&inst->timer))
+			instance_put(inst);
 		if (inst->qlen)
 			__nfulnl_send(inst);
 		if (inst->skb) {
@@ -362,9 +365,6 @@ __nfulnl_send(struct nfulnl_instance *inst)
 {
 	int status;
-	if (timer_pending(&inst->timer))
-		del_timer(&inst->timer);
 	if (!inst->skb)
 		return 0;
@@ -689,6 +689,9 @@ nfulnl_log_packet(unsigned int pf,
 		 * enough room in the skb left. flush to userspace. */
 		UDEBUG("flushing old skb\n");
+		/* timer "holds" one reference (we have another one) */
+		if (del_timer(&inst->timer))
+			instance_put(inst);
 		__nfulnl_send(inst);
 		if (!(inst->skb = nfulnl_alloc_skb(nlbufsiz, size))) {