From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 29 Jan 2015 18:08:09 +0000 (+0100)
Subject: netfilter: nf_tables: fix leaks in error path of nf_tables_newchain()
X-Git-Tag: v3.16.35~2643
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0fe040344fe6799ac8a55d08041dd9df134a543e;p=thirdparty%2Fkernel%2Fstable.git

netfilter: nf_tables: fix leaks in error path of nf_tables_newchain()

commit f5553c19ff9058136e7082c0b1f4268e705ea538 upstream.

Release statistics and module refcount on memory allocation problems.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index fe551ca01a981..e1cf0f89748d8 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1034,8 +1034,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 		nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla);
 		trans = nft_trans_alloc(&ctx, NFT_MSG_NEWCHAIN,
 					sizeof(struct nft_trans_chain));
-		if (trans == NULL)
+		if (trans == NULL) {
+			free_percpu(stats);
 			return -ENOMEM;
+		}
 
 		nft_trans_chain_stats(trans) = stats;
 		nft_trans_chain_update(trans) = true;
@@ -1091,8 +1093,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 		hookfn = type->hooks[hooknum];
 
 		basechain = kzalloc(sizeof(*basechain), GFP_KERNEL);
-		if (basechain == NULL)
+		if (basechain == NULL) {
+			module_put(type->owner);
 			return -ENOMEM;
+		}
 
 		if (nla[NFTA_CHAIN_COUNTERS]) {
 			stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);