[NETFILTER]: conntrack_netlink: Fix locking during conntrack_create The current codepath allowed for ip_conntrack_lock to be unlock'ed twice. Signed-off-by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 88aa0429048d08c18f2772782588f953bbbd79be [log] [tgz]
author: Pablo Neira <pablo@eurodev.net> Tue Aug 09 20:02:55 2005 -0700
committer: David S. Miller <davem@sunset.davemloft.net> Mon Aug 29 15:39:05 2005 -0700
tree: b8f6cebd9e682882394b92e7e737436b3648e1d7
parent: 94cd2b67641e7ddc2e6ed71d76e00116957423db [diff] [blame]
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 36a046f..0ab2d7d 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c

@@ -1052,13 +1052,14 @@
 		err = -ENOENT;
 		if (nlh->nlmsg_flags & NLM_F_CREATE)
 			err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
+		return err;
+	}
+	/* implicit 'else' */
+
+	/* we only allow nat config for new conntracks */
+	if (cda[CTA_NAT-1]) {
+		err = -EINVAL;
 		goto out_unlock;
-	} else {
-		/* we only allow nat config for new conntracks */
-		if (cda[CTA_NAT-1]) {
-			err = -EINVAL;
-			goto out_unlock;
-		}
 	}
 
 	/* We manipulate the conntrack inside the global conntrack table lock,
commit	88aa0429048d08c18f2772782588f953bbbd79be	[log] [tgz]
author	Pablo Neira <pablo@eurodev.net>	Tue Aug 09 20:02:55 2005 -0700
committer	David S. Miller <davem@sunset.davemloft.net>	Mon Aug 29 15:39:05 2005 -0700
tree	b8f6cebd9e682882394b92e7e737436b3648e1d7
parent	94cd2b67641e7ddc2e6ed71d76e00116957423db [diff] [blame]