netfilter: nft_ct: do cleanup work when NFTA_CT_DIRECTION is invalid
authorLiping Zhang <zlpnobody@gmail.com>
Wed, 15 Mar 2017 14:22:08 +0000 (22:22 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 15 Mar 2017 16:15:54 +0000 (17:15 +0100)
We should jump to invoke __nft_ct_set_destroy() instead of just
return error.

Fixes: edee4f1e9245 ("netfilter: nft_ct: add zone id set support")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_ct.c

index 91585b5e53070d9522b289bca106e79765c415a1..0264258c46feb5071a8eebcf9299b4b717fd0a32 100644 (file)
@@ -544,7 +544,8 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
                case IP_CT_DIR_REPLY:
                        break;
                default:
-                       return -EINVAL;
+                       err = -EINVAL;
+                       goto err1;
                }
        }