[NETFILTER]: return ENOMEM when ip_conntrack_alloc() fails.

This patch fixes the bug which doesn't return ERR_PTR(-ENOMEM) if it failed to allocate memory space from slab cache. This bug leads to erroneously not dropped packets under stress, and wrong statistic counters ('invalid' is incremented instead of 'drop'). It was introduced during the ctnetlink merge in the net-2.6.14 tree, so no stable or mainline releases affected. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
git-mirror · Aug 29, 2005 · 7663f18 · 7663f18
1 parent 8a61fad
commit 7663f18
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -655,7 +655,7 @@ struct ip_conntrack *ip_conntrack_alloc(struct ip_conntrack_tuple *orig,
 	conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC);
 	if (!conntrack) {
 		DEBUGP("Can't allocate conntrack.\n");
-		return NULL;
+		return ERR_PTR(-ENOMEM);
 	}
 
 	memset(conntrack, 0, sizeof(*conntrack));
@@ -696,8 +696,9 @@ init_conntrack(struct ip_conntrack_tuple *tuple,
 		return NULL;
 	}
 
-	if (!(conntrack = ip_conntrack_alloc(tuple, &repl_tuple)))
-		return NULL;
+	conntrack = ip_conntrack_alloc(tuple, &repl_tuple);
+	if (conntrack == NULL || IS_ERR(conntrack))
+		return (struct ip_conntrack_tuple_hash *)conntrack;
 
 	if (!protocol->new(conntrack, skb)) {
 		ip_conntrack_free(conntrack);