Re: [PATCH] fix mem-leak in netfilter
From: Stephen Frost
Date: Mon May 15 2006 - 17:03:05 EST
* Stephen Frost (sfrost@xxxxxxxxxxx) wrote:
> * Patrick McHardy (kaber@xxxxxxxxx) wrote:
> > This is the updated patch, it changes the eviction strategy
> > to LRU and fixes a bug related to TTL handling, the TTL stored
> > in the entry should only be overwritten if the IPT_RECENT_TTL
> > flag is set.
>
> I thought that I had convinced myself that the TTL handling was okay and
> that where it was overwritten wasn't harmful. Oh well.
Looking at this again... The ttl isn't copied into 'ttl' unless the
check_set has TTL turned on. This means that the overwritting was fine,
if you accept that you can only ever match on TTL, or never match on it.
That doesn't seem right to me. The TTL in the table should always be
kept up-to-date and the only question is if the current rule requires it
for a match or not. This isn't a huge change, just set the local
variable always but check for if it's asked to match before calling the
lookup. Or you could move it into an if/else block.
Thanks,
Stephen
Attachment:
signature.asc
Description: Digital signature