With the help of a Coverity Scan, it was pointed out that it's present a
memory leak in the corner case where find_proto is not NULL in the
function should_load_proto. find_proto return a struct xtables_match
pointer from xtables_find_match that is allocated but never freed.
Correctly free the found proto in the corner case where find_proto
succeed.
Signed-off-by: Christian Marangi <ansuelsmth@xxxxxxxxx>
---
iptables/xshared.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 17aed04e..0beacfdc 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -113,11 +113,16 @@ find_proto(const char *pname, enum xtables_tryload tryload,
*/
static bool should_load_proto(struct iptables_command_state *cs)
{
+ struct xtables_match *proto;
+
if (cs->protocol == NULL)
return false;
- if (find_proto(cs->protocol, XTF_DONT_LOAD,
- cs->options & OPT_NUMERIC, NULL) == NULL)
+ proto = find_proto(cs->protocol, XTF_DONT_LOAD,
+ cs->options & OPT_NUMERIC, NULL);
+ if (proto == NULL)
return true;
+
+ free(proto);
return !cs->proto_used;
}
--
2.39.2
