From: Liping Zhang <zlpnobody@gmail.com>
commit c17c3cdff10b9f59ef1244a14604f10949f17117 upstream.
When the memory is exhausted, then we will fail to add the NFT_MSG_NEWSET transaction. In such a case, we should destroy the set before we free it.
Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
--- net/netfilter/nf_tables_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2849,12 +2849,14 @@ static int nf_tables_newset(struct net *
err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set); if (err < 0) - goto err2; + goto err3;
list_add_tail_rcu(&set->list, &table->sets); table->use++; return 0;
+err3: + ops->destroy(set); err2: kfree(set); err1:
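Review bot: The new err3 label in nf_tables_newset() calls ops->destroy(set) unconditionally, so it is only correct if the set has already been initialised at every point that jumps to it. The one jump visible here (the nft_trans_set_add() failure) satisfies that, but the lines above the hunk are outside the shown context, so please confirm that no earlier failure path that runs after the set's init still uses "goto err2" and skips the destroy. The fall-through order err3, err2, err1 is right (destroy before kfree(set)), and because list_add_tail_rcu() and table->use++ only run after the transaction has been added, nothing else needs unwinding on this path. As a style point, descriptive label names in place of err1/err2/err3 would make the unwind order harder to get wrong the next time a step is inserted.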