Most commands either don't assign to obj.rule or pass it on when
creating a batch job. Check and delete commands are the exception to
that.
One could free the rule inside nft_rule_check() and nft_rule_delete() as
well, but since only the pointer is passed to them via parameter, the
pointer would remain set afterwards. So instead do that from the proper
routine. At some point, structs nft_cmd and obj_update should be merged
and consequently the functions called from nft_prepare() be given full
control over that combined struct so they can zero pointers if data is
reused or leave set to get them freed.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft-cmd.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 3c0c6a34515e4..1f46dc6c369cc 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -57,7 +57,14 @@ void nft_cmd_free(struct nft_cmd *cmd)
free((void *)cmd->rename);
free((void *)cmd->jumpto);
- /* cmd->obj.rule not released here. */
+ switch (cmd->command) {
+ case NFT_COMPAT_RULE_CHECK:
+ case NFT_COMPAT_RULE_DELETE:
+ free(cmd->obj.rule);
+ break;
+ default:
+ break;
+ }
list_del(&cmd->head);
free(cmd);
--
2.25.1
