[PATCH 2.6.10]: Fix memory leak in ip_conntrack_ftp

Patrick McHardy kaber at trash.net
Wed Dec 8 22:40:58 CET 2004


Hi Dave,

this patch fixes a remotely triggerable memory leak in ip_conntrack_ftp.
exp leaks when a FTP date connection to a host different from the client
(FXP) is attempted and the loose option is not set. It should go in
2.6.10 in my opinion.

Regards
Patrick

-------------- next part --------------
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/12/08 02:00:45+01:00 kaber at coreworks.de 
#   [NETFILTER]: Fix memory leak in ip_conntrack_ftp
#   
#   Signed-off-by: Patrick McHardy <kaber at trash.net>
# 
# net/ipv4/netfilter/ip_conntrack_ftp.c
#   2004/12/08 02:00:39+01:00 kaber at coreworks.de +1 -0
#   [NETFILTER]: Fix memory leak in ip_conntrack_ftp
#   
#   Signed-off-by: Patrick McHardy <kaber at trash.net>
# 
diff -Nru a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
--- a/net/ipv4/netfilter/ip_conntrack_ftp.c	2004-12-08 22:22:37 +01:00
+++ b/net/ipv4/netfilter/ip_conntrack_ftp.c	2004-12-08 22:22:37 +01:00
@@ -381,6 +381,7 @@
 		   problem (DMZ machines opening holes to internal
 		   networks, or the packet filter itself). */
 		if (!loose) {
+			ip_conntrack_expect_put(exp);
 			ret = NF_ACCEPT;
 			goto out;
 		}


More information about the netfilter-devel mailing list