[NETFILTER]: Fix memory leak in ipt_recent

The Coverity checker spotted that we may leak 'hold' in
net/ipv4/netfilter/ipt_recent.c::checkentry() when the following
is true:
  if (!curr_table->status_proc) {
    ...
    if(!curr_table) {
    ...
      return 0;  <-- here we leak.
Simply moving an existing vfree(hold); up a bit avoids the possible leak.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 1438432..b847ee4 100644 (file)
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -821,6 +821,7 @@ checkentry(const char *tablename,
        /* Create our proc 'status' entry. */
        curr_table->status_proc = create_proc_entry(curr_table->name, ip_list_perms, proc_net_ipt_recent);
        if (!curr_table->status_proc) {
+               vfree(hold);
                printk(KERN_INFO RECENT_NAME ": checkentry: unable to allocate for /proc entry.\n");
                /* Destroy the created table */
                spin_lock_bh(&recent_lock);
@@ -845,7 +846,6 @@ checkentry(const char *tablename,
                spin_unlock_bh(&recent_lock);
                vfree(curr_table->time_info);
                vfree(curr_table->hash_table);
-               vfree(hold);
                vfree(curr_table->table);
                vfree(curr_table);
                return 0;