netfilter: nf_tables: destroy the set if fail to add transaction

commit c17c3cdf upstream. When the memory is exhausted, then we will fail to add the NFT_MSG_NEWSET transaction. In such case, we should destroy the set before we free it. Fixes: 958bee14 ("netfilter: nf_tables: use new transaction infrastructure to handle sets") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

netfilter: nf_tables: destroy the set if fail to add transaction
commit c17c3cdf upstream. When the memory is exhausted, then we will fail to add the NFT_MSG_NEWSET transaction. In such case, we should destroy the set before we free it. Fixes: 958bee14 ("netfilter: nf_tables: use new transaction infrastructure to handle sets") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
6ca68d95 · Liping Zhang · Ben Hutchings · 36da5ca7 · 6ca68d95
Commit 6ca68d95 authored Oct 29, 2016 by Liping Zhang Committed by Ben Hutchings Feb 23, 2017
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

net/netfilter/nf_tables_api.c net/netfilter/nf_tables_api.c +3 -1

No files found.
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2642,12 +2642,14 @@ static int nf_tables_newset(struct sock *nlsk, struct sk_buff *skb,
 	err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set);
 	if (err < 0)
-		goto err2;
+		goto err3;
 	list_add_tail_rcu(&set->list, &table->sets);
 	table->use++;
 	return 0;
+err3:
+	ops->destroy(set);
 err2:
 	kfree(set);
 err1: