Skip to content

Commit 23d0750

Browse files
gfreewindummakynes
gfreewind
authored and
ummakynes
committed
netfilter: Add the missed return value check of nft_register_chain_type
There are some codes of netfilter module which did not check the return value of nft_register_chain_type. Add the checks now. Signed-off-by: Gao Feng <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent 4e6577d commit 23d0750

File tree

6 files changed

+33
-10
lines changed

6 files changed

+33
-10
lines changed

net/bridge/netfilter/nf_tables_bridge.c

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -139,12 +139,20 @@ static int __init nf_tables_bridge_init(void)
139139
int ret;
140140

141141
nf_register_afinfo(&nf_br_afinfo);
142-
nft_register_chain_type(&filter_bridge);
142+
ret = nft_register_chain_type(&filter_bridge);
143+
if (ret < 0)
144+
goto err1;
145+
143146
ret = register_pernet_subsys(&nf_tables_bridge_net_ops);
144-
if (ret < 0) {
145-
nft_unregister_chain_type(&filter_bridge);
146-
nf_unregister_afinfo(&nf_br_afinfo);
147-
}
147+
if (ret < 0)
148+
goto err2;
149+
150+
return ret;
151+
152+
err2:
153+
nft_unregister_chain_type(&filter_bridge);
154+
err1:
155+
nf_unregister_afinfo(&nf_br_afinfo);
148156
return ret;
149157
}
150158

net/ipv4/netfilter/nf_tables_arp.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,10 @@ static int __init nf_tables_arp_init(void)
8080
{
8181
int ret;
8282

83-
nft_register_chain_type(&filter_arp);
83+
ret = nft_register_chain_type(&filter_arp);
84+
if (ret < 0)
85+
return ret;
86+
8487
ret = register_pernet_subsys(&nf_tables_arp_net_ops);
8588
if (ret < 0)
8689
nft_unregister_chain_type(&filter_arp);

net/ipv4/netfilter/nf_tables_ipv4.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,10 @@ static int __init nf_tables_ipv4_init(void)
103103
{
104104
int ret;
105105

106-
nft_register_chain_type(&filter_ipv4);
106+
ret = nft_register_chain_type(&filter_ipv4);
107+
if (ret < 0)
108+
return ret;
109+
107110
ret = register_pernet_subsys(&nf_tables_ipv4_net_ops);
108111
if (ret < 0)
109112
nft_unregister_chain_type(&filter_ipv4);

net/ipv6/netfilter/nf_tables_ipv6.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,10 @@ static int __init nf_tables_ipv6_init(void)
100100
{
101101
int ret;
102102

103-
nft_register_chain_type(&filter_ipv6);
103+
ret = nft_register_chain_type(&filter_ipv6);
104+
if (ret < 0)
105+
return ret;
106+
104107
ret = register_pernet_subsys(&nf_tables_ipv6_net_ops);
105108
if (ret < 0)
106109
nft_unregister_chain_type(&filter_ipv6);

net/netfilter/nf_tables_inet.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,10 @@ static int __init nf_tables_inet_init(void)
8282
{
8383
int ret;
8484

85-
nft_register_chain_type(&filter_inet);
85+
ret = nft_register_chain_type(&filter_inet);
86+
if (ret < 0)
87+
return ret;
88+
8689
ret = register_pernet_subsys(&nf_tables_inet_net_ops);
8790
if (ret < 0)
8891
nft_unregister_chain_type(&filter_inet);

net/netfilter/nf_tables_netdev.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -149,7 +149,10 @@ static int __init nf_tables_netdev_init(void)
149149
{
150150
int ret;
151151

152-
nft_register_chain_type(&nft_filter_chain_netdev);
152+
ret = nft_register_chain_type(&nft_filter_chain_netdev);
153+
if (ret)
154+
return ret;
155+
153156
ret = register_pernet_subsys(&nf_tables_netdev_net_ops);
154157
if (ret)
155158
goto err1;

0 commit comments

Comments
 (0)