diff options
| author |   Cong Wang <xiyou.wangcong@gmail.com> | 2019-01-23 12:58:57 -0800 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-28 11:32:55 +0100 |
| commit | ac088a88b5d544b7b82f00214b1588b3c88a7fc6 (patch) | |
| tree | 376ec6e5c96065f354f2234e84fdf1f06dcf3c9d /net/netfilter/nf_conntrack_standalone.c | |
| parent | netfilter: nft_counter: remove wrong __percpu of nft_counter_resest()'s arg (diff) | |
| download | linux-dev-ac088a88b5d544b7b82f00214b1588b3c88a7fc6.tar.xz linux-dev-ac088a88b5d544b7b82f00214b1588b3c88a7fc6.zip | |
netfilter: conntrack: fix error path in nf_conntrack_pernet_init()
When nf_ct_netns_get() fails, it should clean up itself,
its caller doesn't need to call nf_conntrack_fini_net().
nf_conntrack_init_net() is called after registering sysctl
and proc, so its cleanup function should be called before
unregistering sysctl and proc.
Fixes: ba3fbe663635 ("netfilter: nf_conntrack: provide modparam to always register conntrack hooks")
Fixes: b884fa461776 ("netfilter: conntrack: unify sysctl handling")
Reported-and-tested-by: syzbot+fcee88b2d87f0539dfe9@syzkaller.appspotmail.com
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_standalone.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 8928a4d0933e..c2ae14c720b4 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -1115,11 +1115,11 @@ static int nf_conntrack_pernet_init(struct net *net) return 0; out_hooks: - nf_conntrack_fini_net(net); + nf_conntrack_cleanup_net(net); out_init_net: nf_conntrack_standalone_fini_proc(net); out_proc: - nf_conntrack_cleanup_net(net); + nf_conntrack_standalone_fini_sysctl(net); return ret; } |