net: sched: act_ct: fix possible refcount leak in tcf_ct_init()

[ Upstream commit 6e23ec0ba92d426c77a73a9ccab16346e5e0ef49 ]

nf_ct_put need to be called to put the refcount got by tcf_ct_fill_params
to avoid possible refcount leak when tcf_ct_flow_table_get fails.

Fixes: c34b961a2492 ("net/sched: act_ct: Create nf flow table per zone")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220923020046.8021-1-hbh25y@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index f4fd584..d85fdef 100644 (file)
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -1306,7 +1306,7 @@ static int tcf_ct_init(struct net *net, struct nlattr *nla,
 
        err = tcf_ct_flow_table_get(params);
        if (err)
-               goto cleanup;
+               goto cleanup_params;
 
        spin_lock_bh(&c->tcf_lock);
        goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch);
@@ -1321,6 +1321,9 @@ static int tcf_ct_init(struct net *net, struct nlattr *nla,
 
        return res;
 
+cleanup_params:
+       if (params->tmpl)
+               nf_ct_put(params->tmpl);
 cleanup:
        if (goto_ch)
                tcf_chain_put_by_act(goto_ch);