
Commit b1732e1

author
Jozsef Kadlecsik
committed
netfilter: ipset: Fix error path in set_target_v3_checkentry()
Fix error path and release the references properly. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
1 parent 13c6ba1 commit b1732e1


1 file changed

+21
-20
lines changed


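--- a/net/netfilter/xt_set.c
+++ b/net/netfilter/xt_set.c
@@ -439,6 +439,7 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
 {
 const struct xt_set_info_target_v3 *info = par->targinfo;
 ip_set_id_t index;
+int ret = 0;
 
 if (info->add_set.index != IPSET_INVALID_ID) {
 index = ip_set_nfnl_get_byindex(par->net,
@@ -456,55 +457,55 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
 if (index == IPSET_INVALID_ID) {
 pr_info_ratelimited("Cannot find del_set index %u as target\n",
 info->del_set.index);
-if (info->add_set.index != IPSET_INVALID_ID)
-ip_set_nfnl_put(par->net,
-info->add_set.index);
-return -ENOENT;
+ret = -ENOENT;
+goto cleanup_add;
 }
 }
 
 if (info->map_set.index != IPSET_INVALID_ID) {
 if (strncmp(par->table, "mangle", 7)) {
 pr_info_ratelimited("--map-set only usable from mangle table\n");
-return -EINVAL;
+ret = -EINVAL;
+goto cleanup_del;
 }
 if (((info->flags & IPSET_FLAG_MAP_SKBPRIO) |
 (info->flags & IPSET_FLAG_MAP_SKBQUEUE)) &&
 (par->hook_mask & ~(1 << NF_INET_FORWARD |
 1 << NF_INET_LOCAL_OUT |
 1 << NF_INET_POST_ROUTING))) {
 pr_info_ratelimited("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
-return -EINVAL;
+ret = -EINVAL;
+goto cleanup_del;
 }
 index = ip_set_nfnl_get_byindex(par->net,
 info->map_set.index);
 if (index == IPSET_INVALID_ID) {
 pr_info_ratelimited("Cannot find map_set index %u as target\n",
 info->map_set.index);
-if (info->add_set.index != IPSET_INVALID_ID)
-ip_set_nfnl_put(par->net,
-info->add_set.index);
-if (info->del_set.index != IPSET_INVALID_ID)
-ip_set_nfnl_put(par->net,
-info->del_set.index);
-return -ENOENT;
+ret = -ENOENT;
+goto cleanup_del;
 }
 }
 
 if (info->add_set.dim > IPSET_DIM_MAX ||
 info->del_set.dim > IPSET_DIM_MAX ||
 info->map_set.dim > IPSET_DIM_MAX) {
 pr_info_ratelimited("SET target dimension over the limit!\n");
-if (info->add_set.index != IPSET_INVALID_ID)
-ip_set_nfnl_put(par->net, info->add_set.index);
-if (info->del_set.index != IPSET_INVALID_ID)
-ip_set_nfnl_put(par->net, info->del_set.index);
-if (info->map_set.index != IPSET_INVALID_ID)
-ip_set_nfnl_put(par->net, info->map_set.index);
-return -ERANGE;
+ret = -ERANGE;
+goto cleanup_mark;
 }
 
 return 0;
+cleanup_mark:
+if (info->map_set.index != IPSET_INVALID_ID)
+ip_set_nfnl_put(par->net, info->map_set.index);
+cleanup_del:
+if (info->del_set.index != IPSET_INVALID_ID)
+ip_set_nfnl_put(par->net, info->del_set.index);
+cleanup_add:
+if (info->add_set.index != IPSET_INVALID_ID)
+ip_set_nfnl_put(par->net, info->add_set.index);
+return ret;
 }
 
 static void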
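Review bot: The three checks that only inspect `info` and `par` (the `strncmp(par->table, "mangle", 7)` test, the hook-mask test and the `IPSET_DIM_MAX` test) still run after set references have been taken, which is why each needs a cleanup label; running them before the first `ip_set_nfnl_get_byindex()` call would reject a malformed rule without taking any reference. The label `cleanup_mark:` releases `info->map_set`, so `cleanup_map:` would match `cleanup_del:` and `cleanup_add:` and make the unwind order easier to audit. A one-line comment above the labels, `/* Drop set references in reverse order of acquisition; labels fall through. */`, would record that the fall-through is intentional. `ret` is initialised to 0 but the success path still returns the literal `0`, so the initialiser is never read. The add_set lookup and its failure return sit between the two hunks and are not visible here.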
