[iptables PATCH 7/9] iptables: Properly clear iptables_command_state object

When adding a rule with a target which defines a udata_size, valgrind
prints:

8 bytes in 1 blocks are definitely lost in loss record 1 of 1
   at 0x484659F: calloc (vg_replace_malloc.c:1328)
   by 0x486B128: xtables_calloc (xtables.c:434)
   by 0x1128B4: xs_init_target (xshared.c:238)
   by 0x113CD3: command_jump (xshared.c:877)
   by 0x114969: do_parse (xshared.c:1644)
   by 0x10EEB9: do_command4 (iptables.c:691)
   by 0x10E45B: iptables_main (iptables-standalone.c:59)
   by 0x49A2349: (below main) (in /lib64/libc.so.6)

It is not sufficient to free cs.target->t, so call
xtables_clear_iptables_command_state() which takes care of all the
details.

Fixes: 2dba676b68ef8 ("extensions: support for per-extension instance "global" variable space")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/ip6tables.c | 3 +--
 iptables/iptables.c  | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 1d2326570a71d..345af4519bfe7 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -778,7 +778,6 @@ int do_command6(int argc, char *argv[], char **table,
 			xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED);
 		} else {
 			e = generate_entry(&cs.fw6, cs.matches, cs.target->t);
-			free(cs.target->t);
 		}
 	}
 
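Review bot: dropping `free(cs.target->t);` in the else branch after generate_entry() is a correctness requirement of this patch rather than a tidy-up, and the commit message should say so. The old free left cs.target->t dangling, so keeping it together with the new xtables_clear_iptables_command_state(&cs) call at the end of do_command6() would release the same pointer twice if that helper frees cs.target->t, as the description implies. One sentence stating that ownership of the target buffer moves to the final cleanup would make this explicit for anyone backporting only part of the change.
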
@@ -880,7 +879,7 @@ int do_command6(int argc, char *argv[], char **table,
 	if (verbose > 1)
 		dump_entries6(*handle);
 
-	xtables_rule_matches_free(&cs.matches);
+	xtables_clear_iptables_command_state(&cs);
 
 	if (e != NULL) {
 		free(e);
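
Review bot: replacing `xtables_rule_matches_free(&cs.matches);` removes the only visible release of cs.matches in do_command6(), so the description should state that xtables_clear_iptables_command_state() still frees the match list; "takes care of all the details" leaves the reader to look it up. The valgrind trace in the commit message also goes through do_command4 only, so please confirm the same run is clean for ip6tables.
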
diff --git a/iptables/iptables.c b/iptables/iptables.c
index d246198f49d27..6f7b34762ea40 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -773,7 +773,6 @@ int do_command4(int argc, char *argv[], char **table,
 			xtables_find_target(cs.jumpto, XTF_LOAD_MUST_SUCCEED);
 		} else {
 			e = generate_entry(&cs.fw, cs.matches, cs.target->t);
-			free(cs.target->t);
 		}
 	}
 
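Review bot: with the free after generate_entry() gone, cs.target->t stays allocated from here until the cleanup call near line 874, so any return taken between these two points in do_command4() would now leak a buffer the old code had already released at this spot. Please check whether such a path exists and, if so, route it through the same xtables_clear_iptables_command_state(&cs) call.
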
@@ -875,7 +874,7 @@ int do_command4(int argc, char *argv[], char **table,
 	if (verbose > 1)
 		dump_entries(*handle);
 
-	xtables_rule_matches_free(&cs.matches);
+	xtables_clear_iptables_command_state(&cs);
 
 	if (e != NULL) {
 		free(e);
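
Review bot: nothing in this series hunk guards the new `xtables_clear_iptables_command_state(&cs);` call against regression; the diffstat touches only iptables/ip6tables.c and iptables/iptables.c. Consider adding a test case that adds a rule with a target defining udata_size and runs it under valgrind, since that is the exact condition the commit message gives for the leak.
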
-- 
2.38.0