netfilter: nf_tables: check msg_type before nft_trans_set(trans)

[mirror_ubuntu-bionic-kernel.git] / net / netfilter / nf_tables_api.c

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index fc3c9f299791748a0319726218f8626b1eec94b0..4604ba808d2e54c033c18c87c3cdb192f49a0fcb 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2705,12 +2705,13 @@ static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
        u32 id = ntohl(nla_get_be32(nla));
 
        list_for_each_entry(trans, &net->nft.commit_list, list) {
-               struct nft_set *set = nft_trans_set(trans);
+               if (trans->msg_type == NFT_MSG_NEWSET) {
+                       struct nft_set *set = nft_trans_set(trans);
 
-               if (trans->msg_type == NFT_MSG_NEWSET &&
-                   id == nft_trans_set_id(trans) &&
-                   nft_active_genmask(set, genmask))
-                       return set;
+                       if (id == nft_trans_set_id(trans) &&
+                           nft_active_genmask(set, genmask))
+                               return set;
+               }
        }
        return ERR_PTR(-ENOENT);
 }