[iptables PATCH 6/7] xshared: Introduce xtables_clear_args()


 



Perform struct xtables_args object deinit in a common place, even though
it merely consists of freeing any IP addresses and masks.

This fixes a memleak in arptables-translate, as the check for
h->family didn't catch the value NFPROTO_ARP.

Fixes: 5b7324e0675e3 ("nft-arp: add arptables-translate")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/ip6tables.c         |  5 +----
 iptables/iptables.c          |  5 +----
 iptables/xshared.c           |  8 ++++++++
 iptables/xshared.h           |  2 ++
 iptables/xtables-translate.c | 12 +-----------
 iptables/xtables.c           |  5 +----
 6 files changed, 14 insertions(+), 23 deletions(-)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 4b5d4ac6878b7..f9ae18aed8041 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -892,10 +892,7 @@ int do_command6(int argc, char *argv[], char **table,
 		e = NULL;
 	}
 
-	free(saddrs);
-	free(smasks);
-	free(daddrs);
-	free(dmasks);
+	xtables_clear_args(&args);
 	xtables_free_opts(1);
 
 	return ret;
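Review bot: The new call releases the pointers stored in `args`, while the removed lines released the locals `saddrs`, `smasks`, `daddrs` and `dmasks`, and nothing in this hunk shows that those locals still hold the same addresses as `args.s.addr.ptr` and its siblings at this point. If any of them were reassigned after being copied out of `args`, the new code would free a stale pointer and leak the current one. It is worth confirming that they are plain aliases, or dropping the locals in favour of the `args` fields. The same applies to the identical hunk in iptables/iptables.c (do_command4). The body of do_command6 starts outside the hunk.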
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 5ae28fe04a5f5..8eb043e9b736e 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -887,10 +887,7 @@ int do_command4(int argc, char *argv[], char **table,
 		e = NULL;
 	}
 
-	free(saddrs);
-	free(smasks);
-	free(daddrs);
-	free(dmasks);
+	xtables_clear_args(&args);
 	xtables_free_opts(1);
 
 	return ret;
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 7d073891ed5c3..0b2724a3e5162 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -2185,3 +2185,11 @@ make_delete_mask(const struct xtables_rule_match *matches,
 
 	return mask;
 }
+
+void xtables_clear_args(struct xtables_args *args)
+{
+	free(args->s.addr.ptr);
+	free(args->s.mask.ptr);
+	free(args->d.addr.ptr);
+	free(args->d.mask.ptr);
+}
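Review bot: `xtables_clear_args()` leaves all four freed pointers in place, so a second call on the same object, or any later read of `args->s.addr.ptr`, becomes a double free or use-after-free. Since the helper is now the shared deinit path for every front end, resetting each field right after its `free()`, e.g. `args->s.addr.ptr = NULL;`, would make it idempotent at negligible cost. It also deserves a short header comment stating that it frees only the source and destination address and mask arrays and leaves the other members of `struct xtables_args` untouched. The comment should also record that it relies on `ptr` sharing storage with the `v4`/`v6` members that xtables-translate.c previously freed (presumably a union; the declaration is not in this patch).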
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 2a9cdf45f581a..7d4035ec03e52 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -333,4 +333,6 @@ unsigned char *make_delete_mask(const struct xtables_rule_match *matches,
 
 void iface_to_mask(const char *ifname, unsigned char *mask);
 
+void xtables_clear_args(struct xtables_args *args);
+
 #endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index ad44311230323..8ebe523c447f2 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -349,17 +349,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
 
 	h->ops->clear_cs(&cs);
 
-	if (h->family == AF_INET) {
-		free(args.s.addr.v4);
-		free(args.s.mask.v4);
-		free(args.d.addr.v4);
-		free(args.d.mask.v4);
-	} else if (h->family == AF_INET6) {
-		free(args.s.addr.v6);
-		free(args.s.mask.v6);
-		free(args.d.addr.v6);
-		free(args.d.mask.v6);
-	}
+	xtables_clear_args(&args);
 	xtables_free_opts(1);
 
 	return ret;
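Review bot: With the family check gone, the four pointers are freed for every family, so correctness now depends on `args` being zero-initialised before parsing and on no code path leaving a non-heap or already-freed pointer in those fields. The initialisation of `args` and any early-return paths of do_command_xlate lie outside the hunk, so this could not be confirmed here. A comment at the call such as `/* address/mask pointers are NULL unless option parsing allocated them */` would record the assumption for the next reader.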
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 22d6ea58376fc..5d73481c25761 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -264,10 +264,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
 
 	h->ops->clear_cs(&cs);
 
-	free(args.s.addr.ptr);
-	free(args.s.mask.ptr);
-	free(args.d.addr.ptr);
-	free(args.d.mask.ptr);
+	xtables_clear_args(&args);
 	xtables_free_opts(1);
 
 	return ret;
-- 
2.43.0




