Hi Pablo,

On Fri, Dec 21, 2018 at 12:35:38PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Dec 21, 2018 at 12:24:55PM +0100, Pablo Neira Ayuso wrote:
> > On Sat, Dec 15, 2018 at 07:25:04PM +0100, Phil Sutter wrote:
> > > Covscan complained about call to batch_rule_add() not being checked. > > > > > > Signed-off-by: Phil Sutter <phil@xxxxxx> > > > --- > > > iptables/nft.c | 4 +++- > > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > > > diff --git a/iptables/nft.c b/iptables/nft.c > > > index f9024927c0e73..ea7419b620e7a 100644 > > > --- a/iptables/nft.c > > > +++ b/iptables/nft.c > > > @@ -3022,7 +3022,9 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data) > > > * rule based on its handle only. > > > */ > > > nftnl_rule_unset(r, NFTNL_RULE_POSITION); > > > - batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r); > > > + ret = batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r); > > > + if (ret) > > > + return -1;
> >
> > Probably 'goto err' so we destroy the iterator before returning -1?

Oh, right. I missed that.

> Let me get to review your larger pending patchset, then you can
> resubmit this on top.
>
> Sorry I didn't get to this any sooner.

Thanks! And no worries, we all are busy with multiple things at once. :)

Cheers, Phil
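Review bot: the added `return -1;` after `ret = batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r);` leaves `__nft_chain_zero_counters()` directly, so anything the function set up before this point is not released on the failure path; the reply in this thread names the iterator specifically. Route the failure through the function's common cleanup path (the `goto err` suggested above) so the iterator is destroyed before -1 is returned. The hunk also does not show who owns `r` when `batch_rule_add()` fails; if the rule is only handed over to the batch on success, the error path needs to free it as well, which is worth confirming against the function body before resubmitting. Finally, the diffstat counts only these three added lines and none of them declares `ret`, so check that `ret` already exists in this function with a type that matches the return value of `batch_rule_add()`.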