From 6dcfe88a27318e313c1cb9130177a839926fe042 Mon Sep 17 00:00:00 2001
From: Paul Aitken <paitken@brocade.com>
Date: Thu, 4 Jun 2015 10:15:00 +0100
Subject: conntrackd: remove unused 'numbytes'

'numbytes' isn't used and can be removed.

Signed-off-by: Paul Aitken <paitken@brocade.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/local.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src/local.c')

diff --git a/src/local.c b/src/local.c
index feff608..453799a 100644
--- a/src/local.c
+++ b/src/local.c
@@ -117,11 +117,10 @@ void local_client_destroy(int fd)
 
 int do_local_client_step(int fd, void (*process)(char *buf))
 {
-	int numbytes;
 	char buf[1024];
 
 	memset(buf, 0, sizeof(buf));
-	while ((numbytes = recv(fd, buf, sizeof(buf)-1, 0)) > 0) {
+	while (recv(fd, buf, sizeof(buf)-1, 0) > 0) {
 		buf[sizeof(buf)-1] = '\0';
 		if (process)
 			process(buf);
-- 
cgit v1.2.3


From 99dc0ba1e12c40a1c69c6f831a78a06248b3e2a4 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 18 Aug 2015 18:59:18 +0200
Subject: conntrackd: fix descriptor leak in do_local_request()

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/local.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/local.c')

diff --git a/src/local.c b/src/local.c
index 453799a..85e5180 100644
--- a/src/local.c
+++ b/src/local.c
@@ -147,11 +147,14 @@ int do_local_request(int request,
 
 	ret = send(fd, &request, sizeof(int), 0);
 	if (ret == -1)
-		return -1;
+		goto err1;
 
 	do_local_client_step(fd, step);
 
 	local_client_destroy(fd);
-	
+
 	return 0;
+err1:
+	local_client_destroy(fd);
+	return -1;
 }
-- 
cgit v1.2.3


From 097bb594e6844fe3edc1b01768a8ced37433378b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 18 Aug 2015 19:05:23 +0200
Subject: conntrackd: fix error handling in nfq_queue_cb()

Make sure we have a clean exit on error, everything needs to be properly
released.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cthelper.c | 29 +++++++++++++++--------------
 src/local.c    |  2 +-
 2 files changed, 16 insertions(+), 15 deletions(-)

(limited to 'src/local.c')

diff --git a/src/cthelper.c b/src/cthelper.c
index 6537515..54eb830 100644
--- a/src/cthelper.c
+++ b/src/cthelper.c
@@ -277,11 +277,11 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
 
 	if (!attr[NFQA_PAYLOAD]) {
 		dlog(LOG_ERR, "packet with no payload");
-		goto err;
+		goto err1;
 	}
 	if (!attr[NFQA_CT] || !attr[NFQA_CT_INFO]) {
 		dlog(LOG_ERR, "no CT attached to this packet");
-		goto err;
+		goto err1;
 	}
 
 	pkt = mnl_attr_get_payload(attr[NFQA_PAYLOAD]);
@@ -292,22 +292,22 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
 	queue_num = ntohs(nfg->res_id);
 
 	if (pkt_get(pkt, pktlen, ntohs(ph->hw_protocol), &protoff))
-		goto err;
+		goto err1;
 
 	ct = nfct_new();
 	if (ct == NULL)
-		goto err;
+		goto err1;
 
 	if (nfct_payload_parse(mnl_attr_get_payload(attr[NFQA_CT]),
 			       mnl_attr_get_payload_len(attr[NFQA_CT]),
 			       l3num, ct) < 0) {
 		dlog(LOG_ERR, "cannot convert message to CT");
-		goto err;
+		goto err2;
 	}
 
 	myct = calloc(1, sizeof(struct myct));
 	if (myct == NULL)
-		goto err;
+		goto err2;
 
 	myct->ct = ct;
 	ctinfo = ntohl(mnl_attr_get_u32(attr[NFQA_CT_INFO]));
@@ -315,15 +315,15 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
 	/* XXX: 256 bytes enough for possible NAT mangling in helpers? */
 	pktb = pktb_alloc(AF_INET, pkt, pktlen, 256);
 	if (pktb == NULL)
-		goto err;
+		goto err3;
 
 	/* Misconfiguration: if no helper found, accept the packet. */
 	helper = helper_run(pktb, protoff, myct, ctinfo, queue_num, &verdict);
 	if (!helper)
-		goto err_pktb;
+		goto err4;
 
 	if (pkt_verdict_issue(helper, myct, queue_num, id, verdict, pktb) < 0)
-		goto err_pktb;
+		goto err4;
 
 	nfct_destroy(ct);
 	if (myct->exp != NULL)
@@ -333,18 +333,19 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
 	free(myct);
 
 	return MNL_CB_OK;
-err_pktb:
+err4:
 	pktb_free(pktb);
-err:
+err3:
+	free(myct);
+err2:
+	nfct_destroy(ct);
+err1:
 	/* In case of error, we don't want to disrupt traffic. We accept all.
 	 * This is connection tracking after all. The policy is not to drop
 	 * packet unless we enter some inconsistent state.
 	 */
 	pkt_verdict_error(queue_num, id);
 
-	if (ct != NULL)
-		nfct_destroy(ct);
-
 	return MNL_CB_OK;
 }
 
diff --git a/src/local.c b/src/local.c
index 85e5180..3395b4c 100644
--- a/src/local.c
+++ b/src/local.c
@@ -77,7 +77,7 @@ int do_local_server_step(struct local_server *server, void *data,
 	int rfd;
 	struct sockaddr_un local;
 	socklen_t sin_size = sizeof(struct sockaddr_un);
-	
+
 	rfd = accept(server->fd, (struct sockaddr *) &local, &sin_size);
 	if (rfd == -1)
 		return -1;
-- 
cgit v1.2.3