diff --git a/sys/contrib/ipfilter/netinet/ip_nat.c b/sys/contrib/ipfilter/netinet/ip_nat.c index b814665b45d7..e2de7eade5df 100644 --- a/sys/contrib/ipfilter/netinet/ip_nat.c +++ b/sys/contrib/ipfilter/netinet/ip_nat.c @@ -3078,7 +3078,7 @@ ipf_nat_newrdr(fin, nat, ni) /* creating a new NAT structure for a "RDR" rule (incoming NAT translation) */ /* and (3) building that structure and putting it into the NAT table(s). */ /* */ -/* NOTE: natsave should NOT be used top point back to an ipstate_t struct */ +/* NOTE: natsave should NOT be used to point back to an ipstate_t struct */ /* as it can result in memory being corrupted. */ /* ------------------------------------------------------------------------ */ nat_t * @@ -3406,6 +3406,7 @@ ipf_nat_insert(softc, softn, nat) u_int hv0, hv1; u_int sp, dp; ipnat_t *in; + int ret; /* * Try and return an error as early as possible, so calculate the hash @@ -3488,7 +3489,10 @@ ipf_nat_insert(softc, softn, nat) nat->nat_mtu[1] = GETIFMTU_4(nat->nat_ifps[1]); } - return ipf_nat_hashtab_add(softc, softn, nat); + ret = ipf_nat_hashtab_add(softc, softn, nat); + if (ret == -1) + MUTEX_DESTROY(&nat->nat_lock); + return ret; }