netfilter: nf_tables: Fix an Oops in nf_tables_updobj() error handling

The "newobj" is an error pointer so we can't pass it to kfree().  It
doesn't need to be freed so we can remove that and I also renamed the
error label.

Fixes: d62d0ba97b58 ("netfilter: nf_tables: Introduce stateful object update operation")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 013d28899cabc1f0228bb5d538610f31ea240a9c..7def31ae30220ff3c44546a3e12cea8684e6c783 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5151,7 +5151,7 @@ static int nf_tables_updobj(const struct nft_ctx *ctx,
        newobj = nft_obj_init(ctx, type, attr);
        if (IS_ERR(newobj)) {
                err = PTR_ERR(newobj);
-               goto err1;
+               goto err_free_trans;
        }
 
        nft_trans_obj(trans) = obj;
@@ -5160,9 +5160,9 @@ static int nf_tables_updobj(const struct nft_ctx *ctx,
        list_add_tail(&trans->list, &ctx->net->nft.commit_list);
 
        return 0;
-err1:
+
+err_free_trans:
        kfree(trans);
-       kfree(newobj);
        return err;
 }