7 سال پیش · 569ccae68b
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2361,41 +2361,46 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
 
				 	}
			
 
				 
			
 
				 	if (nlh->nlmsg_flags & NLM_F_REPLACE) {
			
 
				-		if (nft_is_active_next(net, old_rule)) {
			
 
				-			trans = nft_trans_rule_add(&ctx, NFT_MSG_DELRULE,
			
 
				-						   old_rule);
			
 
				-			if (trans == NULL) {
			
 
				-				err = -ENOMEM;
			
 
				-				goto err2;
			
 
				-			}
			
 
				-			nft_deactivate_next(net, old_rule);
			
 
				-			chain->use--;
			
 
				-			list_add_tail_rcu(&rule->list, &old_rule->list);
			
 
				-		} else {
			
 
				+		if (!nft_is_active_next(net, old_rule)) {
			
 
				 			err = -ENOENT;
			
 
				 			goto err2;
			
 
				 		}
			
 
				-	} else if (nlh->nlmsg_flags & NLM_F_APPEND)
			
 
				-		if (old_rule)
			
 
				-			list_add_rcu(&rule->list, &old_rule->list);
			
 
				-		else
			
 
				-			list_add_tail_rcu(&rule->list, &chain->rules);
			
 
				-	else {
			
 
				-		if (old_rule)
			
 
				-			list_add_tail_rcu(&rule->list, &old_rule->list);
			
 
				-		else
			
 
				-			list_add_rcu(&rule->list, &chain->rules);
			
 
				-	}
			
 
				+		trans = nft_trans_rule_add(&ctx, NFT_MSG_DELRULE,
			
 
				+					   old_rule);
			
 
				+		if (trans == NULL) {
			
 
				+			err = -ENOMEM;
			
 
				+			goto err2;
			
 
				+		}
			
 
				+		nft_deactivate_next(net, old_rule);
			
 
				+		chain->use--;
			
 
				 
			
 
				-	if (nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule) == NULL) {
			
 
				-		err = -ENOMEM;
			
 
				-		goto err3;
			
 
				+		if (nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule) == NULL) {
			
 
				+			err = -ENOMEM;
			
 
				+			goto err2;
			
 
				+		}
			
 
				+
			
 
				+		list_add_tail_rcu(&rule->list, &old_rule->list);
			
 
				+	} else {
			
 
				+		if (nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule) == NULL) {
			
 
				+			err = -ENOMEM;
			
 
				+			goto err2;
			
 
				+		}
			
 
				+
			
 
				+		if (nlh->nlmsg_flags & NLM_F_APPEND) {
			
 
				+			if (old_rule)
			
 
				+				list_add_rcu(&rule->list, &old_rule->list);
			
 
				+			else
			
 
				+				list_add_tail_rcu(&rule->list, &chain->rules);
			
 
				+		 } else {
			
 
				+			if (old_rule)
			
 
				+				list_add_tail_rcu(&rule->list, &old_rule->list);
			
 
				+			else
			
 
				+				list_add_rcu(&rule->list, &chain->rules);
			
 
				+		}
			
 
				 	}
			
 
				 	chain->use++;
			
 
				 	return 0;
			
 
				 
			
 
				-err3:
			
 
				-	list_del_rcu(&rule->list);
			
 
				 err2:
			
 
				 	nf_tables_rule_destroy(&ctx, rule);
			
 
				 err1: