On Sat, Dec 15, 2018 at 07:25:04PM +0100, Phil Sutter wrote: > Covscan complained about call to batch_rule_add() not being checked. > > Signed-off-by: Phil Sutter <phil@xxxxxx> > --- > iptables/nft.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/iptables/nft.c b/iptables/nft.c > index f9024927c0e73..ea7419b620e7a 100644 > --- a/iptables/nft.c > +++ b/iptables/nft.c > @@ -3022,7 +3022,9 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data) > * rule based on its handle only. > */ > nftnl_rule_unset(r, NFTNL_RULE_POSITION); > - batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r); > + ret = batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r); > + if (ret) > + return -1; Probably 'goto err' so we destroy the iterator before returning -1? > } > r = nftnl_rule_iter_next(iter); > } > -- > 2.19.0 >
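Review bot: the `return -1` added after `batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r)` exits from inside the loop that is advanced with `nftnl_rule_iter_next(iter)`, so on failure the function returns while the rule iterator is still allocated. Send the failure through a cleanup path that destroys the iterator before returning -1, as the `goto err` in the reply suggests, instead of returning directly. Also, the diffstat's three insertions are all in this hunk and none of them declares `ret`, so it is worth confirming that `ret` is already declared in `__nft_chain_zero_counters()` and that assigning to it here does not overwrite a value the function uses later.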