author | Liping Zhang <zlpnobody@gmail.com> | 2016-10-29 16:03:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-31 13:17:29 +0100 |
commit | c17c3cdff10b9f59ef1244a14604f10949f17117 (patch) | |
tree | f7ecd0a5e29b63d7b7d2af9b0fb189446994f045 /net | |
parent | netfilter: ip_vs_sync: fix bogus maybe-uninitialized warning (diff) | |
netfilter: nf_tables: destroy the set if fail to add transaction
When the memory is exhausted, then we will fail to add the NFT_MSG_NEWSET
transaction. In such case, we should destroy the set before we free it.
Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 365d31b86816..7d6a626b08f1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2956,12 +2956,14 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set); if (err < 0) - goto err2; + goto err3; list_add_tail_rcu(&set->list, &table->sets); table->use++; return 0; +err3: + ops->destroy(set); err2: kfree(set); err1: |
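Review bot: The new err3 label at the end of the hunk is reached only from the nft_trans_set_add() failure, so any other goto err2 in nf_tables_newset() that can occur after the set backend has been set up would still go straight to kfree(set) and skip ops->destroy(set). Those jumps are outside the visible lines, so please confirm that every remaining err2 user fires before the backend is initialized. The commit message also says only that the set should be destroyed before it is freed; naming what is left behind when destroy is skipped would help anyone deciding whether to backport. As a style point, the numbered labels err1/err2/err3 make the unwind order easy to get wrong, as the bug fixed here shows. Descriptive names (for example one label for the destroy step and one for the free step) would make the fall-through from ops->destroy(set) into kfree(set) self-documenting.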