From d109e41344b8f54741c0862a44d544a713178dd3 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 31 Jan 2024 21:40:19 +0100
Subject: xshared: Introduce xtables_clear_args()
Perform struct xtables_args object deinit in a common place, even though it merely consists of freeing any IP addresses and masks. This fixes for a memleak in arptables-translate as the check for h->family didn't catch the value NFPROTO_ARP.
Fixes: 5b7324e0675e3 ("nft-arp: add arptables-translate")
Signed-off-by: Phil Sutter
---
 iptables/ip6tables.c | 5 +----
 iptables/iptables.c | 5 +----
 iptables/xshared.c | 8 ++++++++
 iptables/xshared.h | 2 ++
 iptables/xtables-translate.c | 12 +-----------
 iptables/xtables.c | 5 +----
 6 files changed, 14 insertions(+), 23 deletions(-)
(limited to 'iptables')
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 4b5d4ac6..f9ae18ae 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -892,10 +892,7 @@ int do_command6(int argc, char *argv[], char **table,
 e = NULL;
 }
- free(saddrs);
- free(smasks);
- free(daddrs);
- free(dmasks);
+ xtables_clear_args(&args);
 xtables_free_opts(1);
 return ret;
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 5ae28fe0..8eb043e9 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -887,10 +887,7 @@ int do_command4(int argc, char *argv[], char **table,
 e = NULL;
 }
- free(saddrs);
- free(smasks);
- free(daddrs);
- free(dmasks);
+ xtables_clear_args(&args);
 xtables_free_opts(1);
 return ret;
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 7d073891..0b2724a3 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -2185,3 +2185,11 @@ make_delete_mask(const struct xtables_rule_match *matches,
 return mask;
 }
+
+void xtables_clear_args(struct xtables_args *args)
+{
+ free(args->s.addr.ptr);
+ free(args->s.mask.ptr);
+ free(args->d.addr.ptr);
+ free(args->d.mask.ptr);
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 2a9cdf45..7d4035ec 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -333,4 +333,6 @@ unsigned char *make_delete_mask(const struct xtables_rule_match *matches,
 void iface_to_mask(const char *ifname, unsigned char *mask);
+void xtables_clear_args(struct xtables_args *args);
+
 #endif /* IPTABLES_XSHARED_H */
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index ad443112..8ebe523c 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -349,17 +349,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
 h->ops->clear_cs(&cs);
- if (h->family == AF_INET) {
- free(args.s.addr.v4);
- free(args.s.mask.v4);
- free(args.d.addr.v4);
- free(args.d.mask.v4);
- } else if (h->family == AF_INET6) {
- free(args.s.addr.v6);
- free(args.s.mask.v6);
- free(args.d.addr.v6);
- free(args.d.mask.v6);
- }
+ xtables_clear_args(&args);
 xtables_free_opts(1);
 return ret;
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 22d6ea58..5d73481c 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -264,10 +264,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
 h->ops->clear_cs(&cs);
- free(args.s.addr.ptr);
- free(args.s.mask.ptr);
- free(args.d.addr.ptr);
- free(args.d.mask.ptr);
+ xtables_clear_args(&args);
 xtables_free_opts(1);
 return ret;
--
cgit v1.2.3
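Review bot: The prototype added to xshared.h carries no comment stating the contract of `xtables_clear_args()`, and the definition added in xshared.c frees the four address and mask arrays without resetting the pointers. Every caller visible in this patch returns right after the call, so nothing is freed twice today, but the name reads like a reusable reset, and a later caller that clears the same `struct xtables_args` twice or reads it afterwards would hit a double free or a use-after-free. I would either document the one-shot contract on the declaration, e.g. `/* Free the address and mask arrays held in args; call once, args must not be reused afterwards. */`, or follow each `free()` in the definition with a reset such as `args->s.addr.ptr = NULL;` so that a repeated call is harmless.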