[iptables PATCH] xtables: Don't leak iter in error path of __nft_chain_zero_counters()

If batch_rule_add() fails, this function leaked the rule iterator
object.

Fixes: 4c54c892443c2 ("xtables: Catch errors when zeroing rule rounters")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 6354b7e8e72fe..dab1db59ec971 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3374,8 +3374,10 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data)
 			 * rule based on its handle only.
 			 */
 			nftnl_rule_unset(r, NFTNL_RULE_POSITION);
-			if (!batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r))
+			if (!batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r)) {
+				nftnl_rule_iter_destroy(iter);
 				return -1;
+			}
 		}
 		r = nftnl_rule_iter_next(iter);
 	}
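Review bot: the added nftnl_rule_iter_destroy(iter) before `return -1` closes the leak on the batch_rule_add() failure path, but the iterator cleanup is now repeated in two places (this early return and the loop's normal exit, which is outside the hunk), so any further error return added inside this while loop would have to remember it again; a single `goto out` label that destroys iter and returns a ret variable would keep the error and success paths from drifting apart. Also worth confirming that no other early return exists between the iterator's creation and its normal destroy in the unshown part of __nft_chain_zero_counters(), since the same leak would apply there.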
-- 
2.21.0