From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 5 Oct 2015 14:51:03 +0000 (+0200)
Subject: netfilter: xt_CT: don't put back reference to timeout policy object
X-Git-Tag: v4.4-rc1~141^2~103^2~25
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=403d89ad9cc076db44c76ab75c7629497d8ddbb2;p=profile%2Fcommon%2Fplatform%2Fkernel%2Flinux-artik7.git

netfilter: xt_CT: don't put back reference to timeout policy object

On success, this shouldn't put back the timeout policy object, otherwise
we may have module refcount overflow and we allow deletion of timeout
that are still in use.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index faf32d8..a03924c 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -171,6 +171,9 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par,
 	if (timeout_ext == NULL)
 		ret = -ENOMEM;
 
+	rcu_read_unlock();
+	return ret;
+
 err_put_timeout:
 	__xt_ct_tg_timeout_put(timeout);
 out: