[NETFILTER]: conntrack: fix refcount leak when finding expectation

All users of __{ip,nf}_conntrack_expect_find() don't expect that
it increments the reference count of expectation.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 3 insertions, 3 deletions

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 143c4668538b..8b848aa77bfc 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -225,10 +225,8 @@ __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
         struct ip_conntrack_expect *i;
         
         list_for_each_entry(i, &ip_conntrack_expect_list, list) {
-                if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) {
-                        atomic_inc(&i->use);
+                if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
                         return i;
-                }
         }
         return NULL;
 }
@@ -241,6 +239,8 @@ ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
         
         read_lock_bh(&ip_conntrack_lock);
         i = __ip_conntrack_expect_find(tuple);
+        if (i)
+                atomic_inc(&i->use);
         read_unlock_bh(&ip_conntrack_lock);
 
         return i;