author | Phil Sutter <phil@nwl.cc> | 2020-03-02 18:29:54 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-03-06 16:56:08 +0100 |
commit | 94c858c8665c4a7370d9628953f2e034fe73fc60 (patch) | |
tree | b9dd60dfde43e2b586e31ca19cef299b04de1c49 /iptables | |
parent | 39ec645093baadeb3735e2e6ac797de5af6b5ac3 (diff) |
nft: cache: Review flush_cache()
While working on a fix for iptables-nft-restore under stress, I managed to hit
a NULL-pointer deref in flush_cache(). Given that the nftnl_*_list_free()
functions are not NULL-pointer tolerant, better make sure such pointers are not
passed by accident.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-cache.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 0429fb32..0dd131e1 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -603,17 +603,19 @@ static int flush_cache(struct nft_handle *h, struct nft_cache *c,
 if (h->tables[i].name == NULL)
 continue;
- if (!c->table[i].chains)
- continue;
-
- nftnl_chain_list_free(c->table[i].chains);
- c->table[i].chains = NULL;
- if (c->table[i].sets)
+ if (c->table[i].chains) {
+ nftnl_chain_list_free(c->table[i].chains);
+ c->table[i].chains = NULL;
+ }
+ if (c->table[i].sets) {
 nftnl_set_list_free(c->table[i].sets);
- c->table[i].sets = NULL;
+ c->table[i].sets = NULL;
+ }
+ }
+ if (c->tables) {
+ nftnl_table_list_free(c->tables);
+ c->tables = NULL;
 }
- nftnl_table_list_free(c->tables);
- c->tables = NULL;
 return 1;
 }
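Review bot: The new NULL guards encode a constraint that is stated only in the commit message — nftnl_chain_list_free(), nftnl_set_list_free() and nftnl_table_list_free() do not tolerate a NULL argument — and nothing in the code tells the next maintainer why the checks must not be dropped again, so the first `if (c->table[i].chains) {` deserves a comment such as `/* nftnl_*_list_free() do not accept NULL; a partially built cache leaves these unset */`. Slots with `h->tables[i].name == NULL` are still skipped before their chains and sets are examined, which is only safe if such slots can never carry an allocated list — presumably true for unused builtin-table entries, but worth confirming, since a list left there would now leak rather than be freed. The function's signature and the start of the loop lie outside the hunk.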