[iptables PATCH 01/15] nft: Free rule pointer in nft_cmd_free()

Most commands either don't assign to obj.rule or pass it on when
creating a batch job. Check and delete commands are the exception to
that.

One could free the rule inside nft_rule_check() and nft_rule_delete() as
well, but since only the pointer is passed to them via parameter, the
pointer would remain set afterwards. So instead do that from the proper
routine. At some point, structs nft_cmd and obj_update should be merged
and consequently the functions called from nft_prepare() be given full
control over that combined struct so they can zero pointers if data is
reused or leave set to get them freed.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-cmd.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 3c0c6a34515e4..1f46dc6c369cc 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -57,7 +57,14 @@ void nft_cmd_free(struct nft_cmd *cmd)
 	free((void *)cmd->rename);
 	free((void *)cmd->jumpto);
 
-	/* cmd->obj.rule not released here. */
+	switch (cmd->command) {
+	case NFT_COMPAT_RULE_CHECK:
+	case NFT_COMPAT_RULE_DELETE:
+		free(cmd->obj.rule);
+		break;
+	default:
+		break;
+	}
 
 	list_del(&cmd->head);
 	free(cmd);
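
Review bot: the plain free(cmd->obj.rule) in the NFT_COMPAT_RULE_CHECK / NFT_COMPAT_RULE_DELETE case releases only the top-level allocation. The hunk does not show the type of obj.rule, but if it is a libnftnl rule object, its expressions and other members would still leak, and the library's own destructor, nftnl_rule_free(), guarded by a NULL check, would be the matching call. The removed comment was also the only statement of who owns the pointer, so a short comment on the switch saying that only check and delete keep ownership, while the other commands hand the rule to a batch job, would help keep the next command added here from leaking or double-freeing it.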
-- 
2.25.1



