diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-10-05 16:51:03 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-10-12 16:54:45 +0200 |
| commit | 403d89ad9cc076db44c76ab75c7629497d8ddbb2 (patch) | |
| tree | ab8443a59b8b3f0f1fcac3843357ebedb73cf865 /net/netfilter | |
| parent | a29a9a585b2840a205f085a34dfd65c75e86f7c3 (diff) | |
netfilter: xt_CT: don't put back reference to timeout policy object
On success, this shouldn't put back the timeout policy object, otherwise
we may have module refcount overflow and we allow deletion of timeout
that are still in use.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/xt_CT.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index faf32d888198..a03924c1db41 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c @@ -171,6 +171,9 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, if (timeout_ext == NULL) ret = -ENOMEM; + rcu_read_unlock(); + return ret; + err_put_timeout: __xt_ct_tg_timeout_put(timeout); out: |