]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: {arp,ip,ip6}_tables: proper error recovery in init path
authorPatrick McHardy <kaber@trash.net>
Mon, 14 Aug 2006 01:57:28 +0000 (18:57 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 14 Aug 2006 01:57:28 +0000 (18:57 -0700)
Neither of {arp,ip,ip6}_tables cleans up behind itself when something goes
wrong during initialization.

Noticed by Rennie deGraaf <degraaf@cpsc.ucalgary.ca>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c

index 80c73ca90116f51ecff0cc2e52b8e4201f747920..df4854cf598bbea46da6b19b6c2bb0ffdc0436fe 100644 (file)
@@ -1170,21 +1170,34 @@ static int __init arp_tables_init(void)
 {
        int ret;
 
-       xt_proto_init(NF_ARP);
+       ret = xt_proto_init(NF_ARP);
+       if (ret < 0)
+               goto err1;
 
        /* Noone else will be downing sem now, so we won't sleep */
-       xt_register_target(&arpt_standard_target);
-       xt_register_target(&arpt_error_target);
+       ret = xt_register_target(&arpt_standard_target);
+       if (ret < 0)
+               goto err2;
+       ret = xt_register_target(&arpt_error_target);
+       if (ret < 0)
+               goto err3;
 
        /* Register setsockopt */
        ret = nf_register_sockopt(&arpt_sockopts);
-       if (ret < 0) {
-               duprintf("Unable to register sockopts.\n");
-               return ret;
-       }
+       if (ret < 0)
+               goto err4;
 
        printk("arp_tables: (C) 2002 David S. Miller\n");
        return 0;
+
+err4:
+       xt_unregister_target(&arpt_error_target);
+err3:
+       xt_unregister_target(&arpt_standard_target);
+err2:
+       xt_proto_fini(NF_ARP);
+err1:
+       return ret;
 }
 
 static void __exit arp_tables_fini(void)
index fc5bdd5eb7d35aa7de0f4fd5a2c7a8bc794dd643..f316ff5fd8a64ff7cf4096e583760977c1d5403f 100644 (file)
@@ -2239,22 +2239,39 @@ static int __init ip_tables_init(void)
 {
        int ret;
 
-       xt_proto_init(AF_INET);
+       ret = xt_proto_init(AF_INET);
+       if (ret < 0)
+               goto err1;
 
        /* Noone else will be downing sem now, so we won't sleep */
-       xt_register_target(&ipt_standard_target);
-       xt_register_target(&ipt_error_target);
-       xt_register_match(&icmp_matchstruct);
+       ret = xt_register_target(&ipt_standard_target);
+       if (ret < 0)
+               goto err2;
+       ret = xt_register_target(&ipt_error_target);
+       if (ret < 0)
+               goto err3;
+       ret = xt_register_match(&icmp_matchstruct);
+       if (ret < 0)
+               goto err4;
 
        /* Register setsockopt */
        ret = nf_register_sockopt(&ipt_sockopts);
-       if (ret < 0) {
-               duprintf("Unable to register sockopts.\n");
-               return ret;
-       }
+       if (ret < 0)
+               goto err5;
 
        printk("ip_tables: (C) 2000-2006 Netfilter Core Team\n");
        return 0;
+
+err5:
+       xt_unregister_match(&icmp_matchstruct);
+err4:
+       xt_unregister_target(&ipt_error_target);
+err3:
+       xt_unregister_target(&ipt_standard_target);
+err2:
+       xt_proto_fini(AF_INET);
+err1:
+       return ret;
 }
 
 static void __exit ip_tables_fini(void)
index f26898b003475cb1358d6ab5dc9e7c831bca21c9..c9d6b23cd3f7141ff91b8cf11c3fff6e622a9e9c 100644 (file)
@@ -1398,23 +1398,39 @@ static int __init ip6_tables_init(void)
 {
        int ret;
 
-       xt_proto_init(AF_INET6);
+       ret = xt_proto_init(AF_INET6);
+       if (ret < 0)
+               goto err1;
 
        /* Noone else will be downing sem now, so we won't sleep */
-       xt_register_target(&ip6t_standard_target);
-       xt_register_target(&ip6t_error_target);
-       xt_register_match(&icmp6_matchstruct);
+       ret = xt_register_target(&ip6t_standard_target);
+       if (ret < 0)
+               goto err2;
+       ret = xt_register_target(&ip6t_error_target);
+       if (ret < 0)
+               goto err3;
+       ret = xt_register_match(&icmp6_matchstruct);
+       if (ret < 0)
+               goto err4;
 
        /* Register setsockopt */
        ret = nf_register_sockopt(&ip6t_sockopts);
-       if (ret < 0) {
-               duprintf("Unable to register sockopts.\n");
-               xt_proto_fini(AF_INET6);
-               return ret;
-       }
+       if (ret < 0)
+               goto err5;
 
        printk("ip6_tables: (C) 2000-2006 Netfilter Core Team\n");
        return 0;
+
+err5:
+       xt_unregister_match(&icmp6_matchstruct);
+err4:
+       xt_unregister_target(&ip6t_error_target);
+err3:
+       xt_unregister_target(&ip6t_standard_target);
+err2:
+       xt_proto_fini(AF_INET6);
+err1:
+       return ret;
 }
 
 static void __exit ip6_tables_fini(void)