From ce3c7808c2110d8b587cc5c54951232e50fe0636 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Thu, 12 Apr 2018 11:51:38 +0200
Subject: nft: make nft_init self-contained

nft_init() should rollback all changes it made during init
when something goes wrong, callers should NOT call nft_fini()
on error.

Note that this change is irrelevant at the moment, all users
call exit() on failure.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 iptables/nft.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'iptables/nft.c')

diff --git a/iptables/nft.c b/iptables/nft.c
index b3d9646d..fa01e241 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -767,8 +767,10 @@ int nft_init(struct nft_handle *h, struct builtin_table *t)
 	if (h->nl == NULL)
 		return -1;
 
-	if (mnl_socket_bind(h->nl, 0, MNL_SOCKET_AUTOPID) < 0)
+	if (mnl_socket_bind(h->nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+		mnl_socket_close(h->nl);
 		return -1;
+	}
 
 	h->portid = mnl_socket_get_portid(h->nl);
 	h->tables = t;
-- 
cgit v1.2.3