From 8a6cdfaff058412b3d0efec45541cd7d610aeefa Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 6 Jul 2022 13:21:34 +0200
Subject: cache: release pending rules when chain binding lookup fails

If the implicit chain is not in the cache, release pending rules in ctx->list and report EINTR to let the cache core retry to populate a consistent cache.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1402
Fixes: c330152b7f77 ("src: support for implicit chain bindings")
Signed-off-by: Pablo Neira Ayuso
---
 src/cache.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cache.c b/src/cache.c
index fd8df884..b6ae2310 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -847,12 +847,21 @@ static int rule_init_cache(struct netlink_ctx *ctx, struct table *table,
 chain = chain_binding_lookup(table, rule->handle.chain.name);
 if (!chain)
- return -1;
+ goto err_ctx_list;
 list_move_tail(&rule->list, &chain->rules);
 }
 return ret;
+
+err_ctx_list:
+ list_for_each_entry_safe(rule, nrule, &ctx->list, list) {
+ list_del(&rule->list);
+ rule_free(rule);
+ }
+ errno = EINTR;
+
+ return -1;
 }
 static int implicit_chain_cache(struct netlink_ctx *ctx, struct table *table,
-- 
cgit v1.2.3
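Review bot: The new `err_ctx_list` path sets `errno = EINTR` for a condition that is not an interrupted call, and nothing at the label says why; only the commit message explains that this asks the cache core to retry. A short comment above the label would keep that contract next to the code, e.g. `/* implicit chain missing from cache: drop pending rules, EINTR makes the cache core retry */`. The path frees only what is still on `ctx->list`; rules that earlier iterations already moved to `chain->rules` stay attached, so this presumably relies on the caller discarding the partial cache before retrying, which is not visible here. Whether that retry is bounded when the lookup keeps failing is worth confirming in the caller. The start of `rule_init_cache` is outside the hunk.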