authorAlvaro Neira <alvaroneay@gmail.com>2015-02-11 22:12:22 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2015-02-13 16:52:56 +0100
commit08c9bfc99382a60b6656ddb25ffdf4baee4df65d (patch)
tree48bffbfb7d2b86842ad508adfcf3e41aa699b887 /src/ruleset.c
parent46a475c4649d101726580800b54b81e204083705 (diff)
ruleset: fix leak in json/xml in set lists
==18632== 285 (16 direct, 269 indirect) bytes in 1 blocks are definitely lost in loss record 6 of 6 ==18632== at 0x4C272B8: calloc (vg_replace_malloc.c:566) ==18632== by 0x5043822: nft_set_list_alloc (set.c:977) ==18632== by 0x5045483: nft_ruleset_json_parse (ruleset.c:442) ==18632== by 0x50458BE: nft_ruleset_do_parse (ruleset.c:696) ==18632== by 0x408AEC: do_command (rule.c:1317) ==18632== by 0x406B05: nft_run (main.c:194) ==18632== by 0x40667C: main (main.c:360) Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/ruleset.c')
-rw-r--r--src/ruleset.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/src/ruleset.c b/src/ruleset.c
index 15e84cf..f5b6d55 100644
--- a/src/ruleset.c
+++ b/src/ruleset.c
@@ -439,10 +439,6 @@ static int nft_ruleset_json_parse_ruleset(struct nft_parse_ctx *ctx,
json_t *node, *array = ctx->json;
int len, i, ret;
- ctx->set_list = nft_set_list_alloc();
- if (ctx->set_list == NULL)
- return -1;
-
len = json_array_size(array);
for (i = 0; i < len; i++) {
node = json_array_get(array, i);
@@ -525,12 +521,16 @@ static int nft_ruleset_json_parse(const void *json,
ctx.cb = cb;
ctx.format = type;
+ ctx.set_list = nft_set_list_alloc();
+ if (ctx.set_list == NULL)
+ return -1;
+
if (arg != NULL)
nft_ruleset_ctx_set(&ctx, NFT_RULESET_CTX_DATA, arg);
root = nft_jansson_create_root(json, &error, err, input);
if (root == NULL)
- return -1;
+ goto err;
array = json_object_get(root, "nftables");
if (array == NULL) {
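Review bot: The new `goto err` taken when `root == NULL` now reaches the `err:` label, which in the later hunk at -554 calls `nft_jansson_free_root(root)` with a NULL pointer. The same pattern appears in nft_ruleset_xml_parse, where a NULL `tree` reaches `mxmlDelete(tree)`. Neither helper's body is visible on this page, so the change is only safe if both accept NULL, which is worth confirming. Alternatively make the intent explicit with a second label, so the failed-create path frees only the list: `goto err_list;` with `err_list: nft_set_list_free(ctx.set_list); return -1;` placed after the existing `err:` cleanup. The function begins and ends outside this hunk, so the declaration and any initialisation of `root` are not shown.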
@@ -554,9 +554,11 @@ static int nft_ruleset_json_parse(const void *json,
goto err;
}
+ nft_set_list_free(ctx.set_list);
nft_jansson_free_root(root);
return 0;
err:
+ nft_set_list_free(ctx.set_list);
nft_jansson_free_root(root);
return -1;
#else
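Review bot: Both exits of nft_ruleset_json_parse now carry the same two teardown calls, `nft_set_list_free(ctx.set_list);` followed by `nft_jansson_free_root(root);`, and the XML hunk at -670 repeats the pattern with `mxmlDelete(tree)`. Duplicated cleanup makes it easy to update one path and miss the other when another resource is added. A single exit would keep the teardown in one place: set the result and fall through, e.g. `ret = 0;` followed by `out: nft_set_list_free(ctx.set_list); nft_jansson_free_root(root); return ret;`. The top of the function is outside the hunk, so whether a suitable `ret` is already declared cannot be seen from here.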
@@ -573,10 +575,6 @@ static int nft_ruleset_xml_parse_ruleset(struct nft_parse_ctx *ctx,
mxml_node_t *node, *array = ctx->xml;
int len = 0, ret;
- ctx->set_list = nft_set_list_alloc();
- if (ctx->set_list == NULL)
- return -1;
-
for (node = mxmlFindElement(array, array, NULL, NULL, NULL,
MXML_DESCEND_FIRST);
node != NULL;
@@ -653,12 +651,16 @@ static int nft_ruleset_xml_parse(const void *xml, struct nft_parse_err *err,
ctx.cb = cb;
ctx.format = type;
+ ctx.set_list = nft_set_list_alloc();
+ if (ctx.set_list == NULL)
+ return -1;
+
if (arg != NULL)
nft_ruleset_ctx_set(&ctx, NFT_RULESET_CTX_DATA, arg);
tree = nft_mxml_build_tree(xml, "nftables", err, input);
if (tree == NULL)
- return -1;
+ goto err;
ctx.xml = tree;
@@ -670,9 +672,11 @@ static int nft_ruleset_xml_parse(const void *xml, struct nft_parse_err *err,
nodecmd = mxmlWalkNext(tree, tree, MXML_NO_DESCEND);
}
+ nft_set_list_free(ctx.set_list);
mxmlDelete(tree);
return 0;
err:
+ nft_set_list_free(ctx.set_list);
mxmlDelete(tree);
return -1;
#else