diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-29 13:08:09 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-30 12:42:08 -0500 |
| commit | f5553c19ff9058136e7082c0b1f4268e705ea538 (patch) | |
| tree | 2bf96b97b4ceab6f925869359f29eb91b102a3dc | |
| parent | 579eb62ac35845686a7c4286c0a820b4eb1f96aa (diff) | |
netfilter: nf_tables: fix leaks in error path of nf_tables_newchain()
Release statistics and module refcount on memory allocation problems.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index b54360634e95..1ff04bcd4871 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -1264,8 +1264,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 1264 | nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla); | 1264 | nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla); |
| 1265 | trans = nft_trans_alloc(&ctx, NFT_MSG_NEWCHAIN, | 1265 | trans = nft_trans_alloc(&ctx, NFT_MSG_NEWCHAIN, |
| 1266 | sizeof(struct nft_trans_chain)); | 1266 | sizeof(struct nft_trans_chain)); |
| 1267 | if (trans == NULL) | 1267 | if (trans == NULL) { |
| 1268 | free_percpu(stats); | ||
| 1268 | return -ENOMEM; | 1269 | return -ENOMEM; |
| 1270 | } | ||
| 1269 | 1271 | ||
| 1270 | nft_trans_chain_stats(trans) = stats; | 1272 | nft_trans_chain_stats(trans) = stats; |
| 1271 | nft_trans_chain_update(trans) = true; | 1273 | nft_trans_chain_update(trans) = true; |
| @@ -1321,8 +1323,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 1321 | hookfn = type->hooks[hooknum]; | 1323 | hookfn = type->hooks[hooknum]; |
| 1322 | 1324 | ||
| 1323 | basechain = kzalloc(sizeof(*basechain), GFP_KERNEL); | 1325 | basechain = kzalloc(sizeof(*basechain), GFP_KERNEL); |
| 1324 | if (basechain == NULL) | 1326 | if (basechain == NULL) { |
| 1327 | module_put(type->owner); | ||
| 1325 | return -ENOMEM; | 1328 | return -ENOMEM; |
| 1329 | } | ||
| 1326 | 1330 | ||
| 1327 | if (nla[NFTA_CHAIN_COUNTERS]) { | 1331 | if (nla[NFTA_CHAIN_COUNTERS]) { |
| 1328 | stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]); | 1332 | stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]); |