netfilter: nf_tables: fix leaks in error path of nf_tables_newchain()

Release statistics and module refcount on memory allocation problems.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 6 insertions, 2 deletions

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b54360634e95..1ff04bcd4871 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1264,8 +1264,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
                 nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla);
                 trans = nft_trans_alloc(&ctx, NFT_MSG_NEWCHAIN,
                                         sizeof(struct nft_trans_chain));
-                if (trans == NULL)
+                if (trans == NULL) {
+                        free_percpu(stats);
                         return -ENOMEM;
+                }
 
                 nft_trans_chain_stats(trans) = stats;
                 nft_trans_chain_update(trans) = true;
@@ -1321,8 +1323,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
                 hookfn = type->hooks[hooknum];
 
                 basechain = kzalloc(sizeof(*basechain), GFP_KERNEL);
-                if (basechain == NULL)
+                if (basechain == NULL) {
+                        module_put(type->owner);
                         return -ENOMEM;
+                }
 
                 if (nla[NFTA_CHAIN_COUNTERS]) {
                         stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);