summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLiping Zhang <zlpnobody@gmail.com>2016-10-29 16:03:05 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-10-31 13:17:29 +0100
commitc17c3cdff10b9f59ef1244a14604f10949f17117 (patch)
treef7ecd0a5e29b63d7b7d2af9b0fb189446994f045 /net
parentnetfilter: ip_vs_sync: fix bogus maybe-uninitialized warning (diff)
downloadlinux-c17c3cdff10b9f59ef1244a14604f10949f17117.tar.xz
linux-c17c3cdff10b9f59ef1244a14604f10949f17117.zip
netfilter: nf_tables: destroy the set if fail to add transaction
When the memory is exhausted, then we will fail to add the NFT_MSG_NEWSET transaction. In such case, we should destroy the set before we free it. Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_tables_api.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 365d31b86816..7d6a626b08f1 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2956,12 +2956,14 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set);
if (err < 0)
- goto err2;
+ goto err3;
list_add_tail_rcu(&set->list, &table->sets);
table->use++;
return 0;
+err3:
+ ops->destroy(set);
err2:
kfree(set);
err1: