From a0da4c5bbf0d741fb815a977c945afe1b9a0739f Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 26 Feb 2019 22:13:38 +0100
Subject: libnftables: Print errors before freeing commands

Commands may contain data printed by an error record, so make sure
cmd_free() is not called before erec_print_list() has returned.

Fixes: 778de37d82e7b ("libnftables: Keep cmds list outside of parser_state")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnftables.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/libnftables.c')

diff --git a/src/libnftables.c b/src/libnftables.c
index bd79cd60..2271d270 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -398,11 +398,11 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 	if (nft_netlink(nft, &cmds, &msgs, nft->nf_sock) != 0)
 		rc = -1;
 err:
+	erec_print_list(&nft->output, &msgs, nft->debug_mask);
 	list_for_each_entry_safe(cmd, next, &cmds, list) {
 		list_del(&cmd->list);
 		cmd_free(cmd);
 	}
-	erec_print_list(&nft->output, &msgs, nft->debug_mask);
 	iface_cache_release();
 	if (nft->scanner) {
 		scanner_destroy(nft->scanner);
@@ -442,11 +442,11 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
 	if (nft_netlink(nft, &cmds, &msgs, nft->nf_sock) != 0)
 		rc = -1;
 err:
+	erec_print_list(&nft->output, &msgs, nft->debug_mask);
 	list_for_each_entry_safe(cmd, next, &cmds, list) {
 		list_del(&cmd->list);
 		cmd_free(cmd);
 	}
-	erec_print_list(&nft->output, &msgs, nft->debug_mask);
 	iface_cache_release();
 	if (nft->scanner) {
 		scanner_destroy(nft->scanner);
-- 
cgit v1.2.3