netfilter: ctnetlink: do not erase error code with EINVAL

[ Upstream commit 77522ff02f333434612bd72df9b376f8d3836e4d ]

And be consistent in error management for both orig/reply filtering

Fixes: cb8aa9a3affb ("netfilter: ctnetlink: add kernel side filtering for dump")
Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 39e0ff41688a71bc0e3cfe7605f96eae9f279c00..60a1a666e797a89d333f98042648d43aa8bc3392 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -974,10 +974,8 @@ ctnetlink_alloc_filter(const struct nlattr * const cda[], u8 family)
                                                   filter->family,
                                                   &filter->zone,
                                                   filter->reply_flags);
-               if (err < 0) {
-                       err = -EINVAL;
+               if (err < 0)
                        goto err_filter;
-               }
        }
 
        return filter;