From: Liping Zhang Date: Sat, 29 Oct 2016 14:03:05 +0000 (+0800) Subject: netfilter: nf_tables: destroy the set if fail to add transaction X-Git-Tag: v3.16.40~116 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ca68d9535acf388b07d141a743316632d8b3cbe;p=thirdparty%2Fkernel%2Fstable.git netfilter: nf_tables: destroy the set if fail to add transaction commit c17c3cdff10b9f59ef1244a14604f10949f17117 upstream. When the memory is exhausted, then we will fail to add the NFT_MSG_NEWSET transaction. In such case, we should destroy the set before we free it. Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso Signed-off-by: Ben Hutchings --- diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 705453decd569..0ae0662ce3852 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2642,12 +2642,14 @@ static int nf_tables_newset(struct sock *nlsk, struct sk_buff *skb, err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set); if (err < 0) - goto err2; + goto err3; list_add_tail_rcu(&set->list, &table->sets); table->use++; return 0; +err3: + ops->destroy(set); err2: kfree(set); err1:
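Review bot: The new err3 label calls ops->destroy(set) only for the nft_trans_set_add() failure, and the hunk does not show the initialisation that destroy undoes, so please confirm that every remaining `goto err2` in nf_tables_newset() is reached before that initialisation succeeds; any jump to err2 after it would still free the set without destroying it. The fall-through order err3, err2, err1 is right for the unwind, since destroy runs before kfree(set). The commit message would also be clearer if it said what is left behind when kfree(set) runs without ops->destroy(set), because "destroy the set before we free it" states the fix but not the consequence of the bug on the out-of-memory path.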