netfilter: nf_tables: fix unexpected EOPNOTSUPP error

If the object type doesn't implement an update operation and the user tries to update it will silently ignore the update operation. Fixes: aa4095a156b5 ("netfilter: nf_tables: fix possible null-pointer dereference in object update") Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Fernando Fernandez Mancera <ffmancera@riseup.net> 2019-11-02 16:59:44 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-11-04 14:58:33 -0500
commit: 9fedd894b4e1c7ad5e5f711899f6a0a1da01d996 (patch)
tree: f7110b7271b6fb6a809ac0a3ebc75399db579af5 /net
parent: 250367c59e6ba0d79d702a059712d66edacd4a1a (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index d481f9baca2f..aa26841ad9a1 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5143,9 +5143,6 @@ static int nf_tables_updobj(const struct nft_ctx *ctx,
        struct nft_trans *trans;
        int err;
-        if (!obj->ops->update)
-                return -EOPNOTSUPP;
        trans = nft_trans_alloc(ctx, NFT_MSG_NEWOBJ,
                                sizeof(struct nft_trans_obj));
        if (!trans)
@@ -6499,7 +6496,8 @@ static void nft_obj_commit_update(struct nft_trans *trans)
        obj = nft_trans_obj(trans);
        newobj = nft_trans_obj_newobj(trans);
-        obj->ops->update(obj, newobj);
+        if (obj->ops->update)
+                obj->ops->update(obj, newobj);
        kfree(newobj);
 }
author	Fernando Fernandez Mancera <ffmancera@riseup.net>	2019-11-02 16:59:44 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-11-04 14:58:33 -0500
commit	9fedd894b4e1c7ad5e5f711899f6a0a1da01d996 (patch)
tree	f7110b7271b6fb6a809ac0a3ebc75399db579af5 /net
parent	250367c59e6ba0d79d702a059712d66edacd4a1a (diff)