netfilter: nf_tables: bail out if stateful expression provides no .clone

commit 3c13725f43dcf43ad8a9bcd6a9f12add19a8f93e upstream.

All existing NFT_EXPR_STATEFUL provide a .clone interface, remove
fallback to copy content of stateful expression since this is never
exercised and bail out if .clone interface is not defined.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 04f4f75e74dae48b58a255ff5e89b76ad4c60c42..395bd8c1f5c341b201a0888eb0ebfcb20571bbbe 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3053,14 +3053,13 @@ int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src)
 {
        int err;
 
-       if (src->ops->clone) {
-               dst->ops = src->ops;
-               err = src->ops->clone(dst, src);
-               if (err < 0)
-                       return err;
-       } else {
-               memcpy(dst, src, src->ops->size);
-       }
+       if (WARN_ON_ONCE(!src->ops->clone))
+               return -EINVAL;
+
+       dst->ops = src->ops;
+       err = src->ops->clone(dst, src);
+       if (err < 0)
+               return err;
 
        __module_get(src->ops->type->owner);