diff options
| author | Phil Sutter <phil@nwl.cc> | 2024-01-31 21:40:19 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2024-02-01 14:51:30 +0100 |
| commit | d109e41344b8f54741c0862a44d544a713178dd3 (patch) | |
| tree | 5990f301d536ff6977aa5be83c9f32889fcf2177 /iptables | |
| parent | 933e605154c439218f73f48b028abbeed336c3c5 (diff) | |
xshared: Introduce xtables_clear_args()
Perform struct xtables_args object deinit in a common place, even though
it merely consists of freeing any IP addresses and masks.
This fixes for a memleak in arptables-translate as the check for
h->family didn't catch the value NFPROTO_ARP.
Fixes: 5b7324e0675e3 ("nft-arp: add arptables-translate")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
| -rw-r--r-- | iptables/ip6tables.c | 5 | ||||
| -rw-r--r-- | iptables/iptables.c | 5 | ||||
| -rw-r--r-- | iptables/xshared.c | 8 | ||||
| -rw-r--r-- | iptables/xshared.h | 2 | ||||
| -rw-r--r-- | iptables/xtables-translate.c | 12 | ||||
| -rw-r--r-- | iptables/xtables.c | 5 |
6 files changed, 14 insertions, 23 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index 4b5d4ac6..f9ae18ae 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -892,10 +892,7 @@ int do_command6(int argc, char *argv[], char **table, e = NULL; } - free(saddrs); - free(smasks); - free(daddrs); - free(dmasks); + xtables_clear_args(&args); xtables_free_opts(1); return ret; diff --git a/iptables/iptables.c b/iptables/iptables.c index 5ae28fe0..8eb043e9 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -887,10 +887,7 @@ int do_command4(int argc, char *argv[], char **table, e = NULL; } - free(saddrs); - free(smasks); - free(daddrs); - free(dmasks); + xtables_clear_args(&args); xtables_free_opts(1); return ret; diff --git a/iptables/xshared.c b/iptables/xshared.c index 7d073891..0b2724a3 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -2185,3 +2185,11 @@ make_delete_mask(const struct xtables_rule_match *matches, return mask; } + +void xtables_clear_args(struct xtables_args *args) +{ + free(args->s.addr.ptr); + free(args->s.mask.ptr); + free(args->d.addr.ptr); + free(args->d.mask.ptr); +} diff --git a/iptables/xshared.h b/iptables/xshared.h index 2a9cdf45..7d4035ec 100644 --- a/iptables/xshared.h +++ b/iptables/xshared.h @@ -333,4 +333,6 @@ unsigned char *make_delete_mask(const struct xtables_rule_match *matches, void iface_to_mask(const char *ifname, unsigned char *mask); +void xtables_clear_args(struct xtables_args *args); + #endif /* IPTABLES_XSHARED_H */ diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index ad443112..8ebe523c 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -349,17 +349,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[], h->ops->clear_cs(&cs); - if (h->family == AF_INET) { - free(args.s.addr.v4); - free(args.s.mask.v4); - free(args.d.addr.v4); - free(args.d.mask.v4); - } else if (h->family == AF_INET6) { - free(args.s.addr.v6); - free(args.s.mask.v6); - free(args.d.addr.v6); - free(args.d.mask.v6); - } + xtables_clear_args(&args); xtables_free_opts(1); return ret; diff --git a/iptables/xtables.c b/iptables/xtables.c index 22d6ea58..5d73481c 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -264,10 +264,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, h->ops->clear_cs(&cs); - free(args.s.addr.ptr); - free(args.s.mask.ptr); - free(args.d.addr.ptr); - free(args.d.mask.ptr); + xtables_clear_args(&args); xtables_free_opts(1); return ret; |