author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-03-15 11:31:50 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-03-15 17:14:03 +0100 |
commit | 10e19428a5ef9568d9d1ba88f9158eaa0a161cb3 (patch) | |
tree | 3b85b62f7d5153f4dcd78a66d71c999268478255 /include/nftables.h | |
parent | d3cace26609253a8e3f20aeb8693f37d63897a7e (diff) |
src: file descriptor leak in include_file()
The file that contains the ruleset is never closed; track open files through
the nft_ctx object and close them accordingly.
Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/nftables.h')
-rw-r--r-- | include/nftables.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/nftables.h b/include/nftables.h
index 5c029261..b17a16a4 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -86,6 +86,8 @@ struct nft_cache {
 struct mnl_socket;
 struct parser_state;
 
+#define MAX_INCLUDE_DEPTH 16
+
 struct nft_ctx {
 	struct mnl_socket *nf_sock;
 	char **include_paths;
@@ -99,6 +101,7 @@ struct nft_ctx {
 	struct parser_state *state;
 	void *scanner;
 	void *json_root;
+	FILE *f[MAX_INCLUDE_DEPTH];
 };
 
 enum nftables_exit_codes {
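Review bot: The new `FILE *f[MAX_INCLUDE_DEPTH]` member of `struct nft_ctx` carries no comment saying who stores into it, what indexes it or who is responsible for closing the entries, and the header is where a reader of nft_ctx will look for that ownership contract. From the commit message it appears to hold the handles opened by include_file() so they can be closed with the context, presumably indexed by include nesting depth; I would put that above the field as `/* files opened by include_file(), one slot per nesting level; closed when the context is released */`, with the indexing detail confirmed against the .c side. Because the array is fixed-size, whatever code writes into it must refuse nesting deeper than `MAX_INCLUDE_DEPTH` before indexing, and that check lives outside this hunk, so it cannot be verified here. The header now names `FILE`, so `<stdio.h>` has to be in scope at this point of nftables.h; the include list is not in the hunk.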