[NETFILTER]: {arp,ip,ip6}_tables: proper error recovery in init path

Neither of {arp,ip,ip6}_tables cleans up behind itself when something goes wrong during initialization. Noticed by Rennie deGraaf <degraaf@cpsc.ucalgary.ca> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2006-08-13 21:57:28 -0400
committer: David S. Miller <davem@davemloft.net> 2006-08-13 21:57:28 -0400
commit: 0eff66e625306a794ecba4b29ed12f7a147ce219 (patch)
tree: 2f6cfe4d4c6305ccf1c0e942865e8753959a27a4 /net
parent: 7ee66fcb94cb8be77d5f34cce7d315d11759f9c1 (diff)
3 files changed, 70 insertions, 24 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 80c73ca90116..df4854cf598b 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1170,21 +1170,34 @@ static int __init arp_tables_init(void)
 {
        int ret;
-        xt_proto_init(NF_ARP);
+        ret = xt_proto_init(NF_ARP);
+        if (ret < 0)
+                goto err1;
        /* Noone else will be downing sem now, so we won't sleep */
-        xt_register_target(&arpt_standard_target);
+        ret = xt_register_target(&arpt_standard_target);
-        xt_register_target(&arpt_error_target);
+        if (ret < 0)
+                goto err2;
+        ret = xt_register_target(&arpt_error_target);
+        if (ret < 0)
+                goto err3;
        /* Register setsockopt */
        ret = nf_register_sockopt(&arpt_sockopts);
-        if (ret < 0) {
+        if (ret < 0)
-                duprintf("Unable to register sockopts.\n");
+                goto err4;
-                return ret;
-        }
        printk("arp_tables: (C) 2002 David S. Miller\n");
        return 0;
+err4:
+        xt_unregister_target(&arpt_error_target);
+err3:
+        xt_unregister_target(&arpt_standard_target);
+err2:
+        xt_proto_fini(NF_ARP);
+err1:
+        return ret;
 }
 static void __exit arp_tables_fini(void)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index fc5bdd5eb7d3..f316ff5fd8a6 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -2239,22 +2239,39 @@ static int __init ip_tables_init(void)
 {
        int ret;
-        xt_proto_init(AF_INET);
+        ret = xt_proto_init(AF_INET);
+        if (ret < 0)
+                goto err1;
        /* Noone else will be downing sem now, so we won't sleep */
-        xt_register_target(&ipt_standard_target);
+        ret = xt_register_target(&ipt_standard_target);
-        xt_register_target(&ipt_error_target);
+        if (ret < 0)
-        xt_register_match(&icmp_matchstruct);
+                goto err2;
+        ret = xt_register_target(&ipt_error_target);
+        if (ret < 0)
+                goto err3;
+        ret = xt_register_match(&icmp_matchstruct);
+        if (ret < 0)
+                goto err4;
        /* Register setsockopt */
        ret = nf_register_sockopt(&ipt_sockopts);
-        if (ret < 0) {
+        if (ret < 0)
-                duprintf("Unable to register sockopts.\n");
+                goto err5;
-                return ret;
-        }
        printk("ip_tables: (C) 2000-2006 Netfilter Core Team\n");
        return 0;
+err5:
+        xt_unregister_match(&icmp_matchstruct);
+err4:
+        xt_unregister_target(&ipt_error_target);
+err3:
+        xt_unregister_target(&ipt_standard_target);
+err2:
+        xt_proto_fini(AF_INET);
+err1:
+        return ret;
 }
 static void __exit ip_tables_fini(void)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index f26898b00347..c9d6b23cd3f7 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1398,23 +1398,39 @@ static int __init ip6_tables_init(void)
 {
        int ret;
-        xt_proto_init(AF_INET6);
+        ret = xt_proto_init(AF_INET6);
+        if (ret < 0)
+                goto err1;
        /* Noone else will be downing sem now, so we won't sleep */
-        xt_register_target(&ip6t_standard_target);
+        ret = xt_register_target(&ip6t_standard_target);
-        xt_register_target(&ip6t_error_target);
+        if (ret < 0)
-        xt_register_match(&icmp6_matchstruct);
+                goto err2;
+        ret = xt_register_target(&ip6t_error_target);
+        if (ret < 0)
+                goto err3;
+        ret = xt_register_match(&icmp6_matchstruct);
+        if (ret < 0)
+                goto err4;
        /* Register setsockopt */
        ret = nf_register_sockopt(&ip6t_sockopts);
-        if (ret < 0) {
+        if (ret < 0)
-                duprintf("Unable to register sockopts.\n");
+                goto err5;
-                xt_proto_fini(AF_INET6);
-                return ret;
-        }
        printk("ip6_tables: (C) 2000-2006 Netfilter Core Team\n");
        return 0;
+err5:
+        xt_unregister_match(&icmp6_matchstruct);
+err4:
+        xt_unregister_target(&ip6t_error_target);
+err3:
+        xt_unregister_target(&ip6t_standard_target);
+err2:
+        xt_proto_fini(AF_INET6);
+err1:
+        return ret;
 }
 static void __exit ip6_tables_fini(void)
author	Patrick McHardy <kaber@trash.net>	2006-08-13 21:57:28 -0400
committer	David S. Miller <davem@davemloft.net>	2006-08-13 21:57:28 -0400
commit	0eff66e625306a794ecba4b29ed12f7a147ce219 (patch)
tree	2f6cfe4d4c6305ccf1c0e942865e8753959a27a4 /net
parent	7ee66fcb94cb8be77d5f34cce7d315d11759f9c1 (diff)