Commit fdacd57c79b7 ("netfilter: x_tables: never register tables by default") introduces the function xt_register_template(), and in one case, a call to that function was missing the error-case handling. Handle when xt_register_template() returns an error value. This was identified with the clang-analyzer's Dead-Store analysis. Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> --- net/ipv4/netfilter/iptable_mangle.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index b52a4c8a14fc..40417a3f930b 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c @@ -112,6 +112,8 @@ static int __init iptable_mangle_init(void) { int ret = xt_register_template(&packet_mangler, iptable_mangle_table_init); + if (ret < 0) + return ret; mangle_ops = xt_hook_ops_alloc(&packet_mangler, iptable_mangle_hook); if (IS_ERR(mangle_ops)) { -- 2.26.2
Lukas Bulwahn <lukas.bulwahn@gmail.com> wrote:
> Commit fdacd57c79b7 ("netfilter: x_tables: never register tables by
> default") introduces the function xt_register_template(), and in one case,
> a call to that function was missing the error-case handling.
>
> Handle when xt_register_template() returns an error value.
>
> This was identified with the clang-analyzer's Dead-Store analysis.
Fixes: fdacd57c79b7 ("netfilter: x_tables: never register tables by > default")
Reviewed-by: Florian Westphal <fw@strlen.de>
This needs to go to nf-next.
On Mon, Aug 23, 2021 at 10:27:29PM +0200, Lukas Bulwahn wrote:
> Commit fdacd57c79b7 ("netfilter: x_tables: never register tables by
> default") introduces the function xt_register_template(), and in one case,
> a call to that function was missing the error-case handling.
>
> Handle when xt_register_template() returns an error value.
>
> This was identified with the clang-analyzer's Dead-Store analysis.
Applied, thanks.