netfilter: nft_synproxy: unregister hooks on init error path

commit 2b4e5fb4d3776c391e40fb33673ba946dd96012d upstream.

Disable the IPv4 hooks if the IPv6 hooks fail to be registered.

Fixes: ad49d86e07a4 ("netfilter: nf_tables: Add synproxy support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/netfilter/nft_synproxy.c b/net/netfilter/nft_synproxy.c
index 4fda8b3f176265b445e075fa51ddd0eb14c5ebe6..59c4dfaf2ea1fc97cade542fae9901fa89742217 100644 (file)
--- a/net/netfilter/nft_synproxy.c
+++ b/net/netfilter/nft_synproxy.c
@@ -191,8 +191,10 @@ static int nft_synproxy_do_init(const struct nft_ctx *ctx,
                if (err)
                        goto nf_ct_failure;
                err = nf_synproxy_ipv6_init(snet, ctx->net);
-               if (err)
+               if (err) {
+                       nf_synproxy_ipv4_fini(snet, ctx->net);
                        goto nf_ct_failure;
+               }
                break;
        }