netfilter: nf_tables: fix check for table overflow
authorPatrick McHardy <kaber@trash.net>
Thu, 9 Jan 2014 18:42:33 +0000 (18:42 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 9 Jan 2014 19:17:13 +0000 (20:17 +0100)
The table use counter is only increased for new chains, so move the check
to the correct position.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c

index d275d384bbc57863027a66eb6c23fd8517771054..290472c0bf4f3de4851a13c290076cdf7579ebe3 100644 (file)
@@ -834,9 +834,6 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
        if (IS_ERR(table))
                return PTR_ERR(table);
 
-       if (table->use == UINT_MAX)
-               return -EOVERFLOW;
-
        chain = NULL;
        name = nla[NFTA_CHAIN_NAME];
 
@@ -899,6 +896,9 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
                goto notify;
        }
 
+       if (table->use == UINT_MAX)
+               return -EOVERFLOW;
+
        if (nla[NFTA_CHAIN_HOOK]) {
                struct nf_hook_ops *ops;
                nf_hookfn *hookfn;