xtables: Add a few missing exit calls

Mostly to reduce noise from valgrind output, add missing calls to
destroy iterators in nft.c and add cleanup for the populated nft_handle
in xtables_eb_save_main().

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 7 insertions, 2 deletions

diff --git a/iptables/nft.c b/iptables/nft.c
index dd8469a9..b2165069 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1830,12 +1830,15 @@ bool nft_table_find(struct nft_handle *h, const char *tablename)
 		const char *this_tablename =
 			nftnl_table_get(t, NFTNL_TABLE_NAME);
 
-		if (strcmp(tablename, this_tablename) == 0)
-			return true;
+		if (strcmp(tablename, this_tablename) == 0) {
+			ret = true;
+			break;
+		}
 
 		t = nftnl_table_list_iter_next(iter);
 	}
 
+	nftnl_table_list_iter_destroy(iter);
 	nftnl_table_list_free(list);
 
 err:
@@ -1868,6 +1871,7 @@ int nft_for_each_table(struct nft_handle *h,
 		t = nftnl_table_list_iter_next(iter);
 	}
 
+	nftnl_table_list_iter_destroy(iter);
 	nftnl_table_list_free(list);
 	return 0;
 }
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index fc51fcfe..182ae13c 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -285,6 +285,7 @@ int xtables_eb_save_main(int argc_, char *argv_[])
 	}
 
 	nft_for_each_table(&h, __ebt_save, !!ctr);
+	nft_fini(&h);
 	return 0;
 }