ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

jira LE-1907
cve CVE-2024-27417
Rebuild_History Non-Buildable kernel-5.14.0-427.31.1.el9_4
commit-author Eric Dumazet <edumazet@google.com>
commit 10bfd45

It seems that if userspace provides a correct IFA_TARGET_NETNSID value
but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()
returns -EINVAL with an elevated "struct net" refcount.

Fixes: 6ecf4c3 ("ipv6: enable IFA_TARGET_NETNSID for RTM_GETADDR")
	Signed-off-by: Eric Dumazet <edumazet@google.com>
	Cc: Christian Brauner <brauner@kernel.org>
	Cc: David Ahern <dsahern@kernel.org>
	Reviewed-by: David Ahern <dsahern@kernel.org>
	Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 10bfd45)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

Author: PlaidCat

net/ipv6/addrconf.c

@@ -5457,9 +5457,10 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
 	}
 
 	addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer);
-	if (!addr)
-		return -EINVAL;
-
+	if (!addr) {
+		err = -EINVAL;
+		goto errout;
+	}
 	ifm = nlmsg_data(nlh);
 	if (ifm->ifa_index)
 		dev = dev_get_by_index(tgt_net, ifm->ifa_index);