netfilter: ebtables: fix memory leak when blob is malformed

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2189550
Upstream Status: commit 62ce44c

commit 62ce44c
Author: Florian Westphal <[email protected]>
Date:   Tue Sep 20 14:20:17 2022 +0200

    netfilter: ebtables: fix memory leak when blob is malformed

    The bug fix was incomplete, it "replaced" crash with a memory leak.
    The old code had an assignment to "ret" embedded into the conditional,
    restore this.

    Fixes: 7997eff ("netfilter: ebtables: reject blobs that don't provide all entry points")
    Reported-and-tested-by: [email protected]
    Signed-off-by: Florian Westphal <[email protected]>

Signed-off-by: Florian Westphal <[email protected]>

Author: fw-strlen

net/bridge/netfilter/ebtables.c

@@ -1005,8 +1005,10 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl,
 		goto free_iterate;
 	}
 
-	if (repl->valid_hooks != t->valid_hooks)
+	if (repl->valid_hooks != t->valid_hooks) {
+		ret = -EINVAL;
 		goto free_unlock;
+	}
 
 	if (repl->num_counters && repl->num_counters != t->private->nentries) {
 		ret = -EINVAL;