netfilter: nft_exthdr: break evaluation if setting TCP option fails

[ Upstream commit 962e5a40 ]

Break rule evaluation on malformed TCP options.

Fixes: 99d1712b ("netfilter: exthdr: tcp option set support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: 28427f36 ("netfilter: nft_exthdr: Fix non-linear header modification")
Signed-off-by: Sasha Levin <sashal@kernel.org>