netfilter: conntrack: fix error path in nf_conntrack_pernet_init()

When nf_ct_netns_get() fails, it should clean up itself, its caller doesn't need to call nf_conntrack_fini_net(). nf_conntrack_init_net() is called after registering sysctl and proc, so its cleanup function should be called before unregistering sysctl and proc. Fixes: ba3fbe663635 ("netfilter: nf_conntrack: provide modparam to always register conntrack hooks") Fixes: b884fa461776 ("netfilter: conntrack: unify sysctl handling") Reported-and-tested-by: syzbot+fcee88b2d87f0539dfe9@syzkaller.appspotmail.com Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: conntrack: fix error path in nf_conntrack_pernet_init()
When nf_ct_netns_get() fails, it should clean up itself, its caller doesn't need to call nf_conntrack_fini_net(). nf_conntrack_init_net() is called after registering sysctl and proc, so its cleanup function should be called before unregistering sysctl and proc. Fixes: ba3fbe663635 ("netfilter: nf_conntrack: provide modparam to always register conntrack hooks") Fixes: b884fa461776 ("netfilter: conntrack: unify sysctl handling") Reported-and-tested-by: syzbot+fcee88b2d87f0539dfe9@syzkaller.appspotmail.com Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Cong Wang · Pablo Neira Ayuso
1 parent dd03b1ad26
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
net/netfilter/nf_conntrack_standalone.c
@@ -1115,11 +1115,11 @@
 	return 0;
  
 out_hooks:
-	nf_conntrack_fini_net(net);
+	nf_conntrack_cleanup_net(net);
 out_init_net:
 	nf_conntrack_standalone_fini_proc(net);
 out_proc:
-	nf_conntrack_cleanup_net(net);
+	nf_conntrack_standalone_fini_sysctl(net);
 	return ret;
 }
...	...	@@ -1115,11 +1115,11 @@
1115	1115	return 0;
1116	1116
1117	1117	out_hooks:
1118		- nf_conntrack_fini_net(net);
	1118	+ nf_conntrack_cleanup_net(net);
1119	1119	out_init_net:
1120	1120	nf_conntrack_standalone_fini_proc(net);
1121	1121	out_proc:
1122		- nf_conntrack_cleanup_net(net);
	1122	+ nf_conntrack_standalone_fini_sysctl(net);
1123	1123	return ret;
1124	1124	}
1125	1125