[NETFILTER]: refcount leak of proto when ctnetlink dumping tuple

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 431a446994f6bcd6a10b01a61271f3cc0a484c2b..02f303cf201e357c3710a9f4aae3a3243dc5480a 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -58,14 +58,17 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb,
                            const struct ip_conntrack_tuple *tuple)
 {
        struct ip_conntrack_protocol *proto;
+       int ret = 0;
 
        NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
 
        proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
-       if (proto && proto->tuple_to_nfattr)
-               return proto->tuple_to_nfattr(skb, tuple);
+       if (likely(proto && proto->tuple_to_nfattr)) {
+               ret = proto->tuple_to_nfattr(skb, tuple);
+               ip_conntrack_proto_put(proto);
+       }
 
-       return 0;
+       return ret;
 
 nfattr_failure:
        return -1;