[NETFILTER]: {arp,ip,ip6}_tables: proper error recovery in init path

Neither of {arp,ip,ip6}_tables cleans up behind itself when something goes
wrong during initialization.

Noticed by Rennie deGraaf <degraaf@cpsc.ucalgary.ca>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

2 files changed, 45 insertions, 15 deletions

diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 80c73ca90116..df4854cf598b 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1170,21 +1170,34 @@ static int __init arp_tables_init(void)
 {
         int ret;
 
-        xt_proto_init(NF_ARP);
+        ret = xt_proto_init(NF_ARP);
+        if (ret < 0)
+                goto err1;
 
         /* Noone else will be downing sem now, so we won't sleep */
-        xt_register_target(&arpt_standard_target);
-        xt_register_target(&arpt_error_target);
+        ret = xt_register_target(&arpt_standard_target);
+        if (ret < 0)
+                goto err2;
+        ret = xt_register_target(&arpt_error_target);
+        if (ret < 0)
+                goto err3;
 
         /* Register setsockopt */
         ret = nf_register_sockopt(&arpt_sockopts);
-        if (ret < 0) {
-                duprintf("Unable to register sockopts.\n");
-                return ret;
-        }
+        if (ret < 0)
+                goto err4;
 
         printk("arp_tables: (C) 2002 David S. Miller\n");
         return 0;
+
+err4:
+        xt_unregister_target(&arpt_error_target);
+err3:
+        xt_unregister_target(&arpt_standard_target);
+err2:
+        xt_proto_fini(NF_ARP);
+err1:
+        return ret;
 }
 
 static void __exit arp_tables_fini(void)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index fc5bdd5eb7d3..f316ff5fd8a6 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -2239,22 +2239,39 @@ static int __init ip_tables_init(void)
 {
         int ret;
 
-        xt_proto_init(AF_INET);
+        ret = xt_proto_init(AF_INET);
+        if (ret < 0)
+                goto err1;
 
         /* Noone else will be downing sem now, so we won't sleep */
-        xt_register_target(&ipt_standard_target);
-        xt_register_target(&ipt_error_target);
-        xt_register_match(&icmp_matchstruct);
+        ret = xt_register_target(&ipt_standard_target);
+        if (ret < 0)
+                goto err2;
+        ret = xt_register_target(&ipt_error_target);
+        if (ret < 0)
+                goto err3;
+        ret = xt_register_match(&icmp_matchstruct);
+        if (ret < 0)
+                goto err4;
 
         /* Register setsockopt */
         ret = nf_register_sockopt(&ipt_sockopts);
-        if (ret < 0) {
-                duprintf("Unable to register sockopts.\n");
-                return ret;
-        }
+        if (ret < 0)
+                goto err5;
 
         printk("ip_tables: (C) 2000-2006 Netfilter Core Team\n");
         return 0;
+
+err5:
+        xt_unregister_match(&icmp_matchstruct);
+err4:
+        xt_unregister_target(&ipt_error_target);
+err3:
+        xt_unregister_target(&ipt_standard_target);
+err2:
+        xt_proto_fini(AF_INET);
+err1:
+        return ret;
 }
 
 static void __exit ip_tables_fini(void)