[NETFILTER]: Fix double free after netlink_unicast() in ctnetlink

It's not necessary to free skb if netlink_unicast() failed.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 166e6069f1212302c16c150fb267161af33ccc0d..82a65043a8ef6a0c1b900a2ef5f282a12e7428ee 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -815,7 +815,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
                                  IPCTNL_MSG_CT_NEW, 1, ct);
        ip_conntrack_put(ct);
        if (err <= 0)
-               goto out;
+               goto free;
 
        err = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
        if (err < 0)
@@ -824,9 +824,9 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
        DEBUGP("leaving\n");
        return 0;
 
+free:
+       kfree_skb(skb2);
 out:
-       if (skb2)
-               kfree_skb(skb2);
        return -1;
 }
 
@@ -1322,21 +1322,16 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
                                      nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW,
                                      1, exp);
        if (err <= 0)
-               goto out;
+               goto free;
 
        ip_conntrack_expect_put(exp);
 
-       err = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
-       if (err < 0)
-               goto free;
-
-       return err;
+       return netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
 
+free:
+       kfree_skb(skb2);
 out:
        ip_conntrack_expect_put(exp);
-free:
-       if (skb2)
-               kfree_skb(skb2);
        return err;
 }