netfilter: nft_immediate: drop chain reference counter on error

In the init path, nft_data_init() bumps the chain reference counter, decrement it on error by following the error path which calls nft_data_release() to restore it. Fixes: 4bedf9eee016 ("netfilter: nf_tables: fix chain binding transaction logic") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-01 20:15:33 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-03 11:17:17 +0100
commit: b29be0ca8e816119ccdf95cc7d7c7be9bde005f1 (patch)
tree: 406469deb597fbfbc2a2e47b80b77ccae0e1097e /net/netfilter/nft_immediate.c
parent: e6345d2824a3f58aab82428d11645e0da861ac13 (diff)
download: linux-b29be0ca8e816119ccdf95cc7d7c7be9bde005f1.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index fccb3cf7749c1..6475c7abc1fe3 100644
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -78,7 +78,7 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
 		case NFT_GOTO:
 			err = nf_tables_bind_chain(ctx, chain);
 			if (err < 0)
-				return err;
+				goto err1;
 			break;
 		default:
 			break;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-01 20:15:33 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-03 11:17:17 +0100
commit	b29be0ca8e816119ccdf95cc7d7c7be9bde005f1 (patch)
tree	406469deb597fbfbc2a2e47b80b77ccae0e1097e /net/netfilter/nft_immediate.c
parent	e6345d2824a3f58aab82428d11645e0da861ac13 (diff)
download	linux-b29be0ca8e816119ccdf95cc7d7c7be9bde005f1.tar.gz