diff mbox series

[5.16,099/227] netfilter: nft_synproxy: unregister hooks on init error path

Message ID 20220221084938.170112613@linuxfoundation.org
State New
Headers show
Series None | expand

Commit Message

Greg KH Feb. 21, 2022, 8:48 a.m. UTC 
From: Pablo Neira Ayuso <pablo@netfilter.org>

commit 2b4e5fb4d3776c391e40fb33673ba946dd96012d upstream.

Disable the IPv4 hooks if the IPv6 hooks fail to be registered.

Fixes: ad49d86e07a4 ("netfilter: nf_tables: Add synproxy support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/netfilter/nft_synproxy.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

--- a/net/netfilter/nft_synproxy.c
+++ b/net/netfilter/nft_synproxy.c
@@ -191,8 +191,10 @@  static int nft_synproxy_do_init(const st
 		if (err)
 			goto nf_ct_failure;
 		err = nf_synproxy_ipv6_init(snet, ctx->net);
-		if (err)
+		if (err) {
+			nf_synproxy_ipv4_fini(snet, ctx->net);
 			goto nf_ct_failure;
+		}
 		break;
 	}