[NETFILTER]: return ENOMEM when ip_conntrack_alloc() fails.

This patch fixes the bug which doesn't return ERR_PTR(-ENOMEM) if it
failed to allocate memory space from slab cache.  This bug leads to
erroneously not dropped packets under stress, and wrong statistic
counters ('invalid' is incremented instead of 'drop').  It was
introduced during the ctnetlink merge in the net-2.6.14 tree, so no
stable or mainline releases affected.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 9261388d5ac237579726692d2332703a246e013c..285743bfbed3188bc78edd8db0ddd87a81fb7c0b 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -655,7 +655,7 @@ struct ip_conntrack *ip_conntrack_alloc(struct ip_conntrack_tuple *orig,
        conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC);
        if (!conntrack) {
                DEBUGP("Can't allocate conntrack.\n");
-               return NULL;
+               return ERR_PTR(-ENOMEM);
        }
 
        memset(conntrack, 0, sizeof(*conntrack));
@@ -696,8 +696,9 @@ init_conntrack(struct ip_conntrack_tuple *tuple,
                return NULL;
        }
 
-       if (!(conntrack = ip_conntrack_alloc(tuple, &repl_tuple)))
-               return NULL;
+       conntrack = ip_conntrack_alloc(tuple, &repl_tuple);
+       if (conntrack == NULL || IS_ERR(conntrack))
+               return (struct ip_conntrack_tuple_hash *)conntrack;
 
        if (!protocol->new(conntrack, skb)) {
                ip_conntrack_free(conntrack);