netfilter: nf_tables: fix underflow in chain reference counter - kernel

diff options

author	Pablo Neira Ayuso <[email protected]>	2023-06-25 22:42:19 +0000
committer	Pablo Neira Ayuso <[email protected]>	2023-06-26 15:18:55 +0000
commit	b389139f12f287b8ed2e2628b72df89a081f0b59 (patch)
tree	855d016299a3089f728a96d6b9e088e49f99005f /net/dsa/dsa.c
parent	netfilter: nf_tables: unbind non-anonymous set if rule construction fails (diff)
download	kernel-b389139f12f287b8ed2e2628b72df89a081f0b59.tar.gz kernel-b389139f12f287b8ed2e2628b72df89a081f0b59.zip

netfilter: nf_tables: fix underflow in chain reference counter

Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release(). Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object reference counter") incorrectly fixed this by removing the stateful object reference count decrement. Restore the stateful object decrement as in b91d90368837 ("netfilter: nf_tables: fix leaking object reference count") and let nft_data_release() decrement the chain reference counter, so this is done only once. Fixes: d6b478666ffa ("netfilter: nf_tables: fix underflow in object reference counter") Fixes: 628bd3e49cba ("netfilter: nf_tables: drop map element references from preparation phase") Signed-off-by: Pablo Neira Ayuso <[email protected]>

Diffstat (limited to 'net/dsa/dsa.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: