netfilter: nft_immediate: drop chain reference counter on error

In the init path, nft_data_init() bumps the chain reference counter,
decrement it on error by following the error path which calls
nft_data_release() to restore it.

Fixes: 4bedf9eee016 ("netfilter: nf_tables: fix chain binding transaction logic")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index fccb3cf7749c1d504f7ece31b6914714fc35aa96..6475c7abc1fe355310367b90c834700364b6332f 100644 (file)
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -78,7 +78,7 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
                case NFT_GOTO:
                        err = nf_tables_bind_chain(ctx, chain);
                        if (err < 0)
-                               return err;
+                               goto err1;
                        break;
                default:
                        break;