[NETFILTER]: return ENOMEM when ip_conntrack_alloc() fails.

This patch fixes the bug which doesn't return ERR_PTR(-ENOMEM) if it
failed to allocate memory space from slab cache.  This bug leads to
erroneously not dropped packets under stress, and wrong statistic
counters ('invalid' is incremented instead of 'drop').  It was
introduced during the ctnetlink merge in the net-2.6.14 tree, so no
stable or mainline releases affected.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 4 insertions, 3 deletions

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 9261388d5ac2..285743bfbed3 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -655,7 +655,7 @@ struct ip_conntrack *ip_conntrack_alloc(struct ip_conntrack_tuple *orig,
         conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC);
         if (!conntrack) {
                 DEBUGP("Can't allocate conntrack.\n");
-                return NULL;
+                return ERR_PTR(-ENOMEM);
         }
 
         memset(conntrack, 0, sizeof(*conntrack));
@@ -696,8 +696,9 @@ init_conntrack(struct ip_conntrack_tuple *tuple,
                 return NULL;
         }
 
-        if (!(conntrack = ip_conntrack_alloc(tuple, &repl_tuple)))
-                return NULL;
+        conntrack = ip_conntrack_alloc(tuple, &repl_tuple);
+        if (conntrack == NULL || IS_ERR(conntrack))
+                return (struct ip_conntrack_tuple_hash *)conntrack;
 
         if (!protocol->new(conntrack, skb)) {
                 ip_conntrack_free(conntrack);