Inconditionally reset filter for each command in the batch, this is safer.
Fixes: 3f1d3912c3a6 ("cache: filter out tables that are not requested")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v2: new in this series
src/cache.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index 233147649263..5442da35a129 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -400,6 +400,11 @@ err_name_too_long:
return -1;
}
+static void reset_filter(struct nft_cache_filter *filter)
+{
+ memset(&filter->list, 0, sizeof(filter->list));
+}
+
int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
struct list_head *msgs, struct nft_cache_filter *filter,
unsigned int *pflags)
@@ -411,8 +416,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
if (nft_handle_validate(cmd, msgs) < 0)
return -1;
- if (filter->list.table && cmd->op != CMD_LIST)
- memset(&filter->list, 0, sizeof(filter->list));
+ reset_filter(filter);
switch (cmd->op) {
case CMD_ADD:
--
2.30.2
