netfilter: Add the missed return value check of nft_register_chain_type

author Gao Feng <fgao@ikuai8.com>

Sat, 10 Sep 2016 02:04:30 +0000 (10:04 +0800)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Mon, 12 Sep 2016 17:54:45 +0000 (19:54 +0200)
author Gao Feng <fgao@ikuai8.com>
Sat, 10 Sep 2016 02:04:30 +0000 (10:04 +0800)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 12 Sep 2016 17:54:45 +0000 (19:54 +0200)
diff --git a/net/bridge/netfilter/nf_tables_bridge.c b/net/bridge/netfilter/nf_tables_bridge.c

index 06f0f81456a0f27e7ac6421c0de8d64933ec616f..97afdc0744e6dce6ba83943d136e4c6fb886fbf8 100644 (file)
--- a/net/bridge/netfilter/nf_tables_bridge.c
+++ b/net/bridge/netfilter/nf_tables_bridge.c
@@ -139,12 +139,20 @@ static int __init nf_tables_bridge_init(void)
         int ret;
  
         nf_register_afinfo(&nf_br_afinfo);
-       nft_register_chain_type(&filter_bridge);
+       ret = nft_register_chain_type(&filter_bridge);
+       if (ret < 0)
+               goto err1;
+
         ret = register_pernet_subsys(&nf_tables_bridge_net_ops);
-       if (ret < 0) {
-               nft_unregister_chain_type(&filter_bridge);
-               nf_unregister_afinfo(&nf_br_afinfo);
-       }
+       if (ret < 0)
+               goto err2;
+
+       return ret;
+
+err2:
+       nft_unregister_chain_type(&filter_bridge);
+err1:
+       nf_unregister_afinfo(&nf_br_afinfo);
         return ret;
  }
  
diff --git a/net/ipv4/netfilter/nf_tables_arp.c b/net/ipv4/netfilter/nf_tables_arp.c

index 058c034be376eb7b6fed03fa87fc58e4e7805ee5..805c8ddfe86022e6b47df2026d5c5830c613b0ff 100644 (file)
--- a/net/ipv4/netfilter/nf_tables_arp.c
+++ b/net/ipv4/netfilter/nf_tables_arp.c
@@ -80,7 +80,10 @@ static int __init nf_tables_arp_init(void)
  {
         int ret;
  
-       nft_register_chain_type(&filter_arp);
+       ret = nft_register_chain_type(&filter_arp);
+       if (ret < 0)
+               return ret;
+
         ret = register_pernet_subsys(&nf_tables_arp_net_ops);
         if (ret < 0)
                 nft_unregister_chain_type(&filter_arp);
diff --git a/net/ipv4/netfilter/nf_tables_ipv4.c b/net/ipv4/netfilter/nf_tables_ipv4.c

index e44ba3b12fbb03ac4f34626c35fa31a23f3633fa..2840a29b2e04d91c0cab54f67ba10d7d2bf30937 100644 (file)
--- a/net/ipv4/netfilter/nf_tables_ipv4.c
+++ b/net/ipv4/netfilter/nf_tables_ipv4.c
@@ -103,7 +103,10 @@ static int __init nf_tables_ipv4_init(void)
  {
         int ret;
  
-       nft_register_chain_type(&filter_ipv4);
+       ret = nft_register_chain_type(&filter_ipv4);
+       if (ret < 0)
+               return ret;
+
         ret = register_pernet_subsys(&nf_tables_ipv4_net_ops);
         if (ret < 0)
                 nft_unregister_chain_type(&filter_ipv4);
diff --git a/net/ipv6/netfilter/nf_tables_ipv6.c b/net/ipv6/netfilter/nf_tables_ipv6.c

index 05d05926962ab5baa90ee2de4ac63584c8408841..d6e4ba5de916a3e57782764a4e3ac9fcf54e341d 100644 (file)
--- a/net/ipv6/netfilter/nf_tables_ipv6.c
+++ b/net/ipv6/netfilter/nf_tables_ipv6.c
@@ -100,7 +100,10 @@ static int __init nf_tables_ipv6_init(void)
  {
         int ret;
  
-       nft_register_chain_type(&filter_ipv6);
+       ret = nft_register_chain_type(&filter_ipv6);
+       if (ret < 0)
+               return ret;
+
         ret = register_pernet_subsys(&nf_tables_ipv6_net_ops);
         if (ret < 0)
                 nft_unregister_chain_type(&filter_ipv6);
diff --git a/net/netfilter/nf_tables_inet.c b/net/netfilter/nf_tables_inet.c

index 6b5f76295d3d534f3c4255d037ea0b30bfdbb22f..f713cc205669bfcd9f2b187940bdb6f880875624 100644 (file)
--- a/net/netfilter/nf_tables_inet.c
+++ b/net/netfilter/nf_tables_inet.c
@@ -82,7 +82,10 @@ static int __init nf_tables_inet_init(void)
  {
         int ret;
  
-       nft_register_chain_type(&filter_inet);
+       ret = nft_register_chain_type(&filter_inet);
+       if (ret < 0)
+               return ret;
+
         ret = register_pernet_subsys(&nf_tables_inet_net_ops);
         if (ret < 0)
                 nft_unregister_chain_type(&filter_inet);
diff --git a/net/netfilter/nf_tables_netdev.c b/net/netfilter/nf_tables_netdev.c

index 38a3e838504200c9ec1d84c503d7f3e6a876a85a..9e2ae424b64005555d5a7132ea1aa469dc4d0fc1 100644 (file)
--- a/net/netfilter/nf_tables_netdev.c
+++ b/net/netfilter/nf_tables_netdev.c
@@ -149,7 +149,10 @@ static int __init nf_tables_netdev_init(void)
  {
         int ret;
  
-       nft_register_chain_type(&nft_filter_chain_netdev);
+       ret = nft_register_chain_type(&nft_filter_chain_netdev);
+       if (ret)
+               return ret;
+
         ret = register_pernet_subsys(&nf_tables_netdev_net_ops);
         if (ret)
                 goto err1;
author	Gao Feng <fgao@ikuai8.com>
	Sat, 10 Sep 2016 02:04:30 +0000 (10:04 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 12 Sep 2016 17:54:45 +0000 (19:54 +0200)
net/bridge/netfilter/nf_tables_bridge.c		patch \| blob \| history
net/ipv4/netfilter/nf_tables_arp.c		patch \| blob \| history
net/ipv4/netfilter/nf_tables_ipv4.c		patch \| blob \| history
net/ipv6/netfilter/nf_tables_ipv6.c		patch \| blob \| history
net/netfilter/nf_tables_inet.c		patch \| blob \| history
net/netfilter/nf_tables_netdev.c		patch \| blob \| history