netfilter: nft_ct: fix missing expect put in obj eval

Li Xiasong · gregkh · commit 2aef1b13d5c0 · 2026-05-23T13:04:58.000+02:00
commit 19f94b6 upstream. nft_ct_expect_obj_eval() allocates an expectation and may call nf_ct_expect_related(), but never drops its local reference. Add nf_ct_expect_put(exp) before return to balance allocation. Fixes: 857b460 ("netfilter: nft_ct: add ct expectations support") Cc: stable@vger.kernel.org Signed-off-by: Li Xiasong <lixiasong1@huawei.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
@@ -1363,6 +1363,8 @@ static void nft_ct_expect_obj_eval(struct nft_object *obj,
 
 	if (nf_ct_expect_related(exp, 0) != 0)
 		regs->verdict.code = NF_DROP;
+
+	nf_ct_expect_put(exp);
 }
 
 static const struct nla_policy nft_ct_expect_policy[NFTA_CT_EXPECT_MAX + 1] = {

Original file line number	Diff line number	Diff line change
`@@ -1363,6 +1363,8 @@ static void nft_ct_expect_obj_eval(struct nft_object *obj,`
`1363`	`1363`
`1364`	`1364`	`if (nf_ct_expect_related(exp, 0) != 0)`
`1365`	`1365`	`regs->verdict.code = NF_DROP;`
	`1366`	`+`
	`1367`	`+ nf_ct_expect_put(exp);`
`1366`	`1368`	`}`
`1367`	`1369`
`1368`	`1370`	`static const struct nla_policy nft_ct_expect_policy[NFTA_CT_EXPECT_MAX + 1] = {`