--- /dev/null
+From 8b26ff7af8c32cb4148b3e147c52f9e4c695209c Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Thu, 5 Sep 2024 12:54:46 +0200
+Subject: netfilter: nft_socket: fix sk refcount leaks
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 8b26ff7af8c32cb4148b3e147c52f9e4c695209c upstream.
+
+We must put 'sk' reference before returning.
+
+Fixes: 039b1f4f24ec ("netfilter: nft_socket: fix erroneous socket assignment")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_socket.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/nft_socket.c
++++ b/net/netfilter/nft_socket.c
+@@ -88,13 +88,13 @@ static void nft_socket_eval(const struct
+ *dest = sk->sk_mark;
+ } else {
+ regs->verdict.code = NFT_BREAK;
+- return;
++ goto out_put_sk;
+ }
+ break;
+ case NFT_SOCKET_WILDCARD:
+ if (!sk_fullsock(sk)) {
+ regs->verdict.code = NFT_BREAK;
+- return;
++ goto out_put_sk;
+ }
+ nft_socket_wildcard(pkt, regs, sk, dest);
+ break;
+@@ -103,6 +103,7 @@ static void nft_socket_eval(const struct
+ regs->verdict.code = NFT_BREAK;
+ }
+
++out_put_sk:
+ if (sk != skb->sk)
+ sock_gen_put(sk);
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
