From: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx> Commit fdacd57c79b7 ("netfilter: x_tables: never register tables by default") introduces the function xt_register_template(), and in one case, a call to that function was missing the error-case handling. Handle when xt_register_template() returns an error value. This was identified with the clang-analyzer's Dead-Store analysis. Signed-off-by: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx> Reviewed-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/ipv4/netfilter/iptable_mangle.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index b52a4c8a14fc..40417a3f930b 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c @@ -112,6 +112,8 @@ static int __init iptable_mangle_init(void) { int ret = xt_register_template(&packet_mangler, iptable_mangle_table_init); + if (ret < 0) + return ret; mangle_ops = xt_hook_ops_alloc(&packet_mangler, iptable_mangle_hook); if (IS_ERR(mangle_ops)) { -- 2.20.1