For each parsed table, xtables-restore calls nft_table_flush() which each time allocates a new rule cache, possibly overwriting the pointer to the previously allocated one. Fix this by checking the pointer value and only allocate if it's NULL. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index a9cb92edbf111..d5c4c7661c3ab 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1867,9 +1867,11 @@ next: t = nftnl_table_list_iter_next(iter); } - h->rule_cache = nftnl_rule_list_alloc(); - if (h->rule_cache == NULL) - return -1; + if (!h->rule_cache) { + h->rule_cache = nftnl_rule_list_alloc(); + if (h->rule_cache == NULL) + return -1; + } err_table_iter: nftnl_table_list_iter_destroy(iter); -- 2.18.0
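Review bot: the `return -1` on allocation failure inside the new `if (!h->rule_cache)` block still bypasses the `err_table_iter:` label directly below it, so `nftnl_table_list_iter_destroy(iter)` is never reached on that path and the iterator is leaked. Since the block is being rewritten anyway, consider recording the error in the function's return value and falling through to the label instead of returning early. Two smaller points on the same lines: the outer test uses `!h->rule_cache` while the inner one keeps `h->rule_cache == NULL`, and picking one form would read better; and the commit message could say why a cache left over from a previously parsed table is safe to keep across a flush, since the hunk only shows that the pointer is reused, not that its contents are still valid.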