netfilter: layer7 fix wrong fuzzy match change

author Arne Fitzenreiter <arne_f@ipfire.org>

Mon, 6 Mar 2017 07:50:15 +0000 (08:50 +0100)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Fri, 17 Nov 2023 09:02:31 +0000 (10:02 +0100)
author Arne Fitzenreiter <arne_f@ipfire.org>
Mon, 6 Mar 2017 07:50:15 +0000 (08:50 +0100)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Fri, 17 Nov 2023 09:02:31 +0000 (10:02 +0100)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c

index 9f6f2e6435758e2505a934adc0067a11f3dae68c..df847f369fe34978bda269c41f6ab2c4facea726 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -592,6 +592,13 @@ void nf_ct_destroy(struct nf_conntrack *nfct)
          */
         nf_ct_remove_expectations(ct);
  
+#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+       if(ct->layer7.app_proto)
+               kfree(ct->layer7.app_proto);
+       if(ct->layer7.app_data)
+               kfree(ct->layer7.app_data);
+#endif
+
         if (ct->master)
                 nf_ct_put(ct->master);
author	Arne Fitzenreiter <arne_f@ipfire.org>
	Mon, 6 Mar 2017 07:50:15 +0000 (08:50 +0100)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Fri, 17 Nov 2023 09:02:31 +0000 (10:02 +0100)