netfilter: xt_CT: don't put back reference to timeout policy object

On success, this shouldn't put back the timeout policy object, otherwise we may have module refcount overflow and we allow deletion of timeout that are still in use. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-10-05 16:51:03 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-10-12 16:54:45 +0200
commit: 403d89ad9cc076db44c76ab75c7629497d8ddbb2 (patch)
tree: ab8443a59b8b3f0f1fcac3843357ebedb73cf865 /net/netfilter
parent: netfilter: nfnetlink_log: allow to attach conntrack (diff)
download: linux-dev-403d89ad9cc076db44c76ab75c7629497d8ddbb2.tar.xz
linux-dev-403d89ad9cc076db44c76ab75c7629497d8ddbb2.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index faf32d888198..a03924c1db41 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -171,6 +171,9 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par,
 	if (timeout_ext == NULL)
 		ret = -ENOMEM;
 
+	rcu_read_unlock();
+	return ret;
+
 err_put_timeout:
 	__xt_ct_tg_timeout_put(timeout);
 out:
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-10-05 16:51:03 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-10-12 16:54:45 +0200
commit	403d89ad9cc076db44c76ab75c7629497d8ddbb2 (patch)
tree	ab8443a59b8b3f0f1fcac3843357ebedb73cf865 /net/netfilter
parent	netfilter: nfnetlink_log: allow to attach conntrack (diff)
download	linux-dev-403d89ad9cc076db44c76ab75c7629497d8ddbb2.tar.xz linux-dev-403d89ad9cc076db44c76ab75c7629497d8ddbb2.zip