If the implicit chain is not in the cache, release pending rules in ctx->list and report EINTR to let the cache core retry to populate a consistent cache.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1402
Fixes: c330152b7f77 ("src: support for implicit chain bindings")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/cache.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/cache.c b/src/cache.c
index fd8df884c095..b6ae2310b175 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -847,12 +847,21 @@ static int rule_init_cache(struct netlink_ctx *ctx, struct table *table,
 chain = chain_binding_lookup(table, rule->handle.chain.name);
 if (!chain)
- return -1;
+ goto err_ctx_list;
 list_move_tail(&rule->list, &chain->rules);
 }
 return ret;
+
+err_ctx_list:
+ list_for_each_entry_safe(rule, nrule, &ctx->list, list) {
+ list_del(&rule->list);
+ rule_free(rule);
+ }
+ errno = EINTR;
+
+ return -1;
 }
 static int implicit_chain_cache(struct netlink_ctx *ctx, struct table *table,
-- 
2.30.2
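Review bot: The `err_ctx_list` path turns every failed `chain_binding_lookup()` into `errno = EINTR`, so a rule whose implicit chain never shows up is indistinguishable from a transient race, and the retry this relies on is outside the hunk; if that retry is unbounded, a persistently inconsistent ruleset dump would keep the tool replaying instead of failing, so it is worth confirming a cap or a generation check there. The cleanup only walks `&ctx->list`, so rules already moved with `list_move_tail()` onto `chain->rules` in earlier iterations stay attached and presumably depend on the caller releasing the partial cache before the retry. A short comment at the label would record that contract, for example `/* implicit chain missing: cache is inconsistent, drop pending rules and ask the caller to retry via EINTR */`. The body of `rule_init_cache()` starts outside the hunk, so the declaration of `nrule` cannot be checked from here.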