From 22ff2125fe4352a0c17e642c971a5550170fb397 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org" Date: Sun, 29 May 2005 19:05:23 +0000 Subject: Release previously merged options from merge_opts(), reduces memory-usage of iptables-restore dramatically (Pablo Neira) --- iptables.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 27c5cfa..33ee337 100644 --- a/iptables.c +++ b/iptables.c @@ -306,6 +306,16 @@ inaddrcpy(struct in_addr *dst, struct in_addr *src) dst->s_addr = src->s_addr; } +static void free_opts(int reset_offset) +{ + if (opts != original_opts) { + free(opts); + opts = original_opts; + if (reset_offset) + global_option_offset = 0; + } +} + void exit_error(enum exittype status, char *msg, ...) { @@ -321,6 +331,8 @@ exit_error(enum exittype status, char *msg, ...) if (status == VERSION_PROBLEM) fprintf(stderr, "Perhaps iptables or your kernel needs to be upgraded.\n"); + /* On error paths, make sure that we don't leak memory */ + free_opts(1); exit(status); } @@ -331,6 +343,7 @@ exit_tryhelp(int status) fprintf(stderr, "Error occurred at line: %d\n", line); fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n", program_name, program_name ); + free_opts(1); exit(status); } @@ -1016,6 +1029,9 @@ merge_options(struct option *oldopts, const struct option *newopts, unsigned int num_old, num_new, i; struct option *merge; + /* Release previous options merged if any */ + free_opts(0); + for (num_old = 0; oldopts[num_old].name; num_old++); for (num_new = 0; newopts[num_new].name; num_new++); @@ -2443,12 +2459,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) free(saddrs); free(daddrs); - - if (opts != original_opts) { - free(opts); - opts = original_opts; - global_option_offset = 0; - } + free_opts(1); return ret; } -- cgit v1.2.3