netfilter: ipset: Fix error path in set_target_v3_checkentry()
Fix error path and release the references properly. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent
13c6ba1f85
commit
b1732e1638
|
@ -439,6 +439,7 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
const struct xt_set_info_target_v3 *info = par->targinfo;
|
const struct xt_set_info_target_v3 *info = par->targinfo;
|
||||||
ip_set_id_t index;
|
ip_set_id_t index;
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
if (info->add_set.index != IPSET_INVALID_ID) {
|
if (info->add_set.index != IPSET_INVALID_ID) {
|
||||||
index = ip_set_nfnl_get_byindex(par->net,
|
index = ip_set_nfnl_get_byindex(par->net,
|
||||||
|
@ -456,17 +457,16 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||||
if (index == IPSET_INVALID_ID) {
|
if (index == IPSET_INVALID_ID) {
|
||||||
pr_info_ratelimited("Cannot find del_set index %u as target\n",
|
pr_info_ratelimited("Cannot find del_set index %u as target\n",
|
||||||
info->del_set.index);
|
info->del_set.index);
|
||||||
if (info->add_set.index != IPSET_INVALID_ID)
|
ret = -ENOENT;
|
||||||
ip_set_nfnl_put(par->net,
|
goto cleanup_add;
|
||||||
info->add_set.index);
|
|
||||||
return -ENOENT;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (info->map_set.index != IPSET_INVALID_ID) {
|
if (info->map_set.index != IPSET_INVALID_ID) {
|
||||||
if (strncmp(par->table, "mangle", 7)) {
|
if (strncmp(par->table, "mangle", 7)) {
|
||||||
pr_info_ratelimited("--map-set only usable from mangle table\n");
|
pr_info_ratelimited("--map-set only usable from mangle table\n");
|
||||||
return -EINVAL;
|
ret = -EINVAL;
|
||||||
|
goto cleanup_del;
|
||||||
}
|
}
|
||||||
if (((info->flags & IPSET_FLAG_MAP_SKBPRIO) |
|
if (((info->flags & IPSET_FLAG_MAP_SKBPRIO) |
|
||||||
(info->flags & IPSET_FLAG_MAP_SKBQUEUE)) &&
|
(info->flags & IPSET_FLAG_MAP_SKBQUEUE)) &&
|
||||||
|
@ -474,20 +474,16 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||||
1 << NF_INET_LOCAL_OUT |
|
1 << NF_INET_LOCAL_OUT |
|
||||||
1 << NF_INET_POST_ROUTING))) {
|
1 << NF_INET_POST_ROUTING))) {
|
||||||
pr_info_ratelimited("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
|
pr_info_ratelimited("mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains\n");
|
||||||
return -EINVAL;
|
ret = -EINVAL;
|
||||||
|
goto cleanup_del;
|
||||||
}
|
}
|
||||||
index = ip_set_nfnl_get_byindex(par->net,
|
index = ip_set_nfnl_get_byindex(par->net,
|
||||||
info->map_set.index);
|
info->map_set.index);
|
||||||
if (index == IPSET_INVALID_ID) {
|
if (index == IPSET_INVALID_ID) {
|
||||||
pr_info_ratelimited("Cannot find map_set index %u as target\n",
|
pr_info_ratelimited("Cannot find map_set index %u as target\n",
|
||||||
info->map_set.index);
|
info->map_set.index);
|
||||||
if (info->add_set.index != IPSET_INVALID_ID)
|
ret = -ENOENT;
|
||||||
ip_set_nfnl_put(par->net,
|
goto cleanup_del;
|
||||||
info->add_set.index);
|
|
||||||
if (info->del_set.index != IPSET_INVALID_ID)
|
|
||||||
ip_set_nfnl_put(par->net,
|
|
||||||
info->del_set.index);
|
|
||||||
return -ENOENT;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -495,16 +491,21 @@ set_target_v3_checkentry(const struct xt_tgchk_param *par)
|
||||||
info->del_set.dim > IPSET_DIM_MAX ||
|
info->del_set.dim > IPSET_DIM_MAX ||
|
||||||
info->map_set.dim > IPSET_DIM_MAX) {
|
info->map_set.dim > IPSET_DIM_MAX) {
|
||||||
pr_info_ratelimited("SET target dimension over the limit!\n");
|
pr_info_ratelimited("SET target dimension over the limit!\n");
|
||||||
if (info->add_set.index != IPSET_INVALID_ID)
|
ret = -ERANGE;
|
||||||
ip_set_nfnl_put(par->net, info->add_set.index);
|
goto cleanup_mark;
|
||||||
if (info->del_set.index != IPSET_INVALID_ID)
|
|
||||||
ip_set_nfnl_put(par->net, info->del_set.index);
|
|
||||||
if (info->map_set.index != IPSET_INVALID_ID)
|
|
||||||
ip_set_nfnl_put(par->net, info->map_set.index);
|
|
||||||
return -ERANGE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
cleanup_mark:
|
||||||
|
if (info->map_set.index != IPSET_INVALID_ID)
|
||||||
|
ip_set_nfnl_put(par->net, info->map_set.index);
|
||||||
|
cleanup_del:
|
||||||
|
if (info->del_set.index != IPSET_INVALID_ID)
|
||||||
|
ip_set_nfnl_put(par->net, info->del_set.index);
|
||||||
|
cleanup_add:
|
||||||
|
if (info->add_set.index != IPSET_INVALID_ID)
|
||||||
|
ip_set_nfnl_put(par->net, info->add_set.index);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
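Review bot: The label `cleanup_mark` releases the map_set reference, so its name does not match what it undoes, while `cleanup_del` and `cleanup_add` do; `cleanup_map:` would read consistently. The three labels rely on fall-through to drop references in reverse order of acquisition, which is worth stating once above them, e.g. `/* Unwind in reverse order of acquisition; each label falls through to the ones below. */`, because a jump to the wrong label either leaves a set pinned by a leaked reference or puts one that was never taken. The `= 0` initializer on `ret` is never read, since every `goto` assigns `ret` first and the success path returns the literal `0`; a plain `int ret;` would let compiler or static-analysis warnings catch a future error path that forgets to set it. The add_set lookup between the first two hunks is not visible here, so its early return is assumed to hold no reference at that point.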