From: Yajun Deng <yajun.deng@linux.dev>
Date: Thu, 29 Jul 2021 08:20:21 +0000 (+0800)
Subject: netfilter: nf_conntrack_bridge: Fix memory leak when error
X-Git-Tag: v5.14-rc6~21^2~39^2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=38ea9def5b62f9193f6bad96c5d108e2830ecbde;p=thirdparty%2Fkernel%2Flinux.git

netfilter: nf_conntrack_bridge: Fix memory leak when error

It should be added kfree_skb_list() when err is not equal to zero
in nf_br_ip_fragment().

v2: keep this aligned with IPv6.
v3: modify iter.frag_list to iter.frag.

Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c
index 8d033a75a766e..fdbed31585553 100644
--- a/net/bridge/netfilter/nf_conntrack_bridge.c
+++ b/net/bridge/netfilter/nf_conntrack_bridge.c
@@ -88,6 +88,12 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk,
 
 			skb = ip_fraglist_next(&iter);
 		}
+
+		if (!err)
+			return 0;
+
+		kfree_skb_list(iter.frag);
+
 		return err;
 	}
 slow_path: