authorAna Rey <anarey@gmail.com>2013-12-02 11:44:48 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:54 +0100
commit6a4033b70dfdcc2df66f4ea51c901786a2b6131c (patch)
tree130c6d3bb1b4020909a2aa30d08a7c49437d4ae6
parent959815ef0f99d7b176d2352973bf57792b4ea6f5 (diff)
nft: fix memory leaks in nft_xtables_config_load
Those errors are shown with the valgrind tool: valgrind --leak-check=full xtables -A INPUT -i eth0 -p tcp --dport 80 ==7377== ==7377== 16 bytes in 1 blocks are definitely lost in loss record 2 of 14 ==7377== at 0x4C2B514: calloc (vg_replace_malloc.c:593) ==7377== by 0x5955B02: nft_table_list_alloc (table.c:425) ==7377== by 0x4186EB: nft_xtables_config_load (nft.c:2427) ==7377== by 0x4189E6: nft_rule_append (nft.c:991) ==7377== by 0x413A7D: add_entry.isra.6 (xtables.c:424) ==7377== by 0x41524A: do_commandx (xtables.c:1176) ==7377== by 0x4134DC: xtables_main (xtables-standalone.c:72) ==7377== by 0x5B87994: (below main) (libc-start.c:260) ==7377== ==7377== 16 bytes in 1 blocks are definitely lost in loss record 3 of 14 ==7377== at 0x4C2B514: calloc (vg_replace_malloc.c:593) ==7377== by 0x5956A32: nft_chain_list_alloc (chain.c:888) ==7377== by 0x4186F3: nft_xtables_config_load (nft.c:2428) ==7377== by 0x4189E6: nft_rule_append (nft.c:991) ==7377== by 0x413A7D: add_entry.isra.6 (xtables.c:424) ==7377== by 0x41524A: do_commandx (xtables.c:1176) ==7377== by 0x4134DC: xtables_main (xtables-standalone.c:72) ==7377== by 0x5B87994: (below main) (libc-start.c:260) Fix these leaks and consolidate error handling in the exit path of nft_xtables_config_load Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--iptables/nft.c27
1 files changed, 17 insertions, 10 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 2135b04c..0599beb8 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2423,8 +2423,8 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
{
struct nft_table_list *table_list = nft_table_list_alloc();
struct nft_chain_list *chain_list = nft_chain_list_alloc();
- struct nft_table_list_iter *titer;
- struct nft_chain_list_iter *citer;
+ struct nft_table_list_iter *titer = NULL;
+ struct nft_chain_list_iter *citer = NULL;
struct nft_table *table;
struct nft_chain *chain;
uint32_t table_family, chain_family;
@@ -2440,7 +2440,7 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
"Fatal error parsing config file: %s\n",
strerror(errno));
}
- return -1;
+ goto err;
}
/* Stage 1) create tables */
@@ -2463,9 +2463,7 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
"table `%s' cannot be create, reason `%s'. Exitting\n",
(char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME),
strerror(errno));
- nft_table_list_iter_destroy(titer);
- nft_table_list_free(table_list);
- return -1;
+ goto err;
}
continue;
}
@@ -2476,7 +2474,7 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
nft_table_list_free(table_list);
if (!found)
- return -1;
+ goto err;
/* Stage 2) create chains */
citer = nft_chain_list_iter_create(chain_list);
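Review bot: The `goto err` under `if (!found)` runs right after `nft_table_list_free(table_list)`, and the new `err:` label frees `table_list` again, so this path is a double free; the stage-2 `goto err` in the chain loop (the next hunk) reaches the same label with the list already freed. Resetting the pointer after the stage-1 cleanup, `table_list = NULL;`, and guarding the label with `if (table_list != NULL) nft_table_list_free(table_list);` would keep the single exit path safe. If `titer` is destroyed just above this hunk (not visible here), it needs `titer = NULL;` at the same spot, otherwise the `titer != NULL` test in `err:` destroys it a second time. The function body starts and ends outside this hunk.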
@@ -2497,9 +2495,7 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
"chain `%s' cannot be create, reason `%s'. Exitting\n",
(char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
strerror(errno));
- nft_chain_list_iter_destroy(citer);
- nft_chain_list_free(chain_list);
- return -1;
+ goto err;
}
continue;
}
@@ -2513,6 +2509,17 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
nft_chain_list_free(chain_list);
return 0;
+
+err:
+ nft_table_list_free(table_list);
+ nft_chain_list_free(chain_list);
+
+ if (titer != NULL)
+ nft_table_list_iter_destroy(titer);
+ if (citer != NULL)
+ nft_table_list_iter_destroy(citer);
+
+ return -1;
}
int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
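Review bot: The `citer` cleanup in `err:` calls `nft_table_list_iter_destroy(citer)`, passing a `struct nft_chain_list_iter *` to the table-iterator destructor; it should be `nft_chain_list_iter_destroy(citer);`, matching the call this commit removed from the chain loop. The label also frees both lists before destroying their iterators; destroying the iterators first avoids any dependence on whether the destructors touch the list, which is not visible from here. The start of the function is outside this hunk.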