Commit fd57d0cb authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_tables: skip module reference count bump on object updates

Use __nft_obj_type_get() instead, otherwise there is a module reference
counter leak.

Fixes: d62d0ba9 ("netfilter: nf_tables: Introduce stateful object update operation")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 0d2c96af
...@@ -5484,7 +5484,7 @@ static int nf_tables_newobj(struct net *net, struct sock *nlsk, ...@@ -5484,7 +5484,7 @@ static int nf_tables_newobj(struct net *net, struct sock *nlsk,
if (nlh->nlmsg_flags & NLM_F_REPLACE) if (nlh->nlmsg_flags & NLM_F_REPLACE)
return -EOPNOTSUPP; return -EOPNOTSUPP;
type = nft_obj_type_get(net, objtype); type = __nft_obj_type_get(objtype);
nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
return nf_tables_updobj(&ctx, type, nla[NFTA_OBJ_DATA], obj); return nf_tables_updobj(&ctx, type, nla[NFTA_OBJ_DATA], obj);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment