From 10e19428a5ef9568d9d1ba88f9158eaa0a161cb3 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 15 Mar 2019 11:31:50 +0100
Subject: src: file descriptor leak in include_file()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

File that contains the ruleset is never closed, track open files through
the nft_ctx object and close them accordingly.

Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/parser.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'include/parser.h')

diff --git a/include/parser.h b/include/parser.h
index ea41ca03..8e57899e 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -3,8 +3,8 @@
 
 #include <list.h>
 #include <rule.h> // FIXME
+#include <nftables.h>
 
-#define MAX_INCLUDE_DEPTH		16
 #define TABSIZE				8
 
 #define YYLTYPE				struct location
@@ -36,9 +36,9 @@ extern void parser_init(struct nft_ctx *nft, struct parser_state *state,
 extern int nft_parse(struct nft_ctx *ctx, void *, struct parser_state *state);
 
 extern void *scanner_init(struct parser_state *state);
-extern void scanner_destroy(void *scanner);
+extern void scanner_destroy(struct nft_ctx *nft);
 
-extern int scanner_read_file(void *scanner, const char *filename,
+extern int scanner_read_file(struct nft_ctx *nft, const char *filename,
 			     const struct location *loc);
 extern int scanner_include_file(struct nft_ctx *ctx, void *scanner,
 				const char *filename,
-- 
cgit v1.2.3