From 90cfeeecac148ca58b066a9c5384cba80ebc3cbb Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Tue, 10 Jun 2014 18:06:37 +0200
Subject: [PATCH] netfilter/ct: fix calling nfnl_*_put() on uninitialized memory after nfnlmsg_*_parse()

nfnlmsg_*_parse() does not assign *result on error. So this will lead to freeing a dangling pointer. Error found by coverity.
Acked-by: Thomas Graf
Signed-off-by: Thomas Haller
---
 lib/netfilter/ct.c | 3 +--
 lib/netfilter/exp.c | 3 +--
 lib/netfilter/log_msg.c | 3 +--
 lib/netfilter/queue_msg.c | 3 +--
 4 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c
index 04f9d01..36a83db 100644
--- a/lib/netfilter/ct.c
+++ b/lib/netfilter/ct.c
@@ -414,10 +414,9 @@ static int ct_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
 int err;
 if ((err = nfnlmsg_ct_parse(nlh, &ct)) < 0)
- goto errout;
+ return err;
 err = pp->pp_cb((struct nl_object *) ct, pp);
-errout:
 nfnl_ct_put(ct);
 return err;
 }
diff --git a/lib/netfilter/exp.c b/lib/netfilter/exp.c
index 86ed8d1..9cfdd2b 100644
--- a/lib/netfilter/exp.c
+++ b/lib/netfilter/exp.c
@@ -298,10 +298,9 @@ static int exp_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
 int err;
 if ((err = nfnlmsg_exp_parse(nlh, &exp)) < 0)
- goto errout;
+ return err;
 err = pp->pp_cb((struct nl_object *) exp, pp);
-errout:
 nfnl_exp_put(exp);
 return err;
 }
diff --git a/lib/netfilter/log_msg.c b/lib/netfilter/log_msg.c
index 6e09da2..5ffdaf8 100644
--- a/lib/netfilter/log_msg.c
+++ b/lib/netfilter/log_msg.c
@@ -174,10 +174,9 @@ static int log_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
 int err;
 if ((err = nfnlmsg_log_msg_parse(nlh, &msg)) < 0)
- goto errout;
+ return err;
 err = pp->pp_cb((struct nl_object *) msg, pp);
-errout:
 nfnl_log_msg_put(msg);
 return err;
 }
diff --git a/lib/netfilter/queue_msg.c b/lib/netfilter/queue_msg.c
index 1425577..3388923 100644
--- a/lib/netfilter/queue_msg.c
+++ b/lib/netfilter/queue_msg.c
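Review bot: In ct_msg_parser the early `return err;` is only safe while nfnlmsg_ct_parse() never fails after it has already stored an object through `&ct`, and nothing at the call site records that contract. A comment above the check, such as `/* on failure nfnlmsg_ct_parse() leaves ct unset, so there is nothing to put */`, would keep a later refactor from reintroducing a shared cleanup label that releases an indeterminate pointer. The declaration of `ct` lies above the hunk, so whether it carries an initializer cannot be seen here; if it does not, giving it `= NULL` would be a cheap second guard, provided nfnl_ct_put() tolerates NULL, which should be confirmed. The same applies to exp_msg_parser, log_msg_parser and queue_msg_parser in the other three hunks.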
@@ -153,10 +153,9 @@ static int queue_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
 int err;
 if ((err = nfnlmsg_queue_msg_parse(nlh, &msg)) < 0)
- goto errout;
+ return err;
 err = pp->pp_cb((struct nl_object *) msg, pp);
-errout:
 nfnl_queue_msg_put(msg);
 return err;
 }