authorPhil Sutter <phil@nwl.cc>2021-08-31 12:29:43 +0200
committerPhil Sutter <phil@nwl.cc>2021-08-31 18:19:04 +0200
commite438b9766fcc86d9847312ff05f1d1dac61acf1f (patch)
tree2a7a550cd343caadb67a2e2331d533c56dc0f4da
parentca11c7b7036b5821c17b8d08dc2a29f55b461a93 (diff)
nft: Use xtables_{m,c}alloc() everywhere
Make use of libxtables allocators where sensible to have implicit error checking. Leave library-internal calls in place to not create unexpected program exit points for users, apart from xt_xlate_alloc() as that function called xtables_error() in error case which exits by itself already. Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r--iptables/nft-bridge.c6
-rw-r--r--iptables/nft-cmd.c5
-rw-r--r--iptables/nft.c15
-rw-r--r--iptables/xshared.c8
-rw-r--r--iptables/xtables-eb.c14
-rw-r--r--libxtables/xtables.c11
6 files changed, 12 insertions, 47 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index d98fd527..11f3df35 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -477,11 +477,7 @@ static void nft_bridge_parse_lookup(struct nft_xt_ctx *ctx,
static void parse_watcher(void *object, struct ebt_match **match_list,
bool ismatch)
{
- struct ebt_match *m;
-
- m = calloc(1, sizeof(struct ebt_match));
- if (m == NULL)
- xtables_error(OTHER_PROBLEM, "Can't allocate memory");
+ struct ebt_match *m = xtables_calloc(1, sizeof(struct ebt_match));
if (ismatch)
m->u.match = object;
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index a0c76a79..87e66905 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -23,10 +23,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
struct nftnl_rule *rule;
struct nft_cmd *cmd;
- cmd = calloc(1, sizeof(struct nft_cmd));
- if (!cmd)
- return NULL;
-
+ cmd = xtables_calloc(1, sizeof(struct nft_cmd));
cmd->command = command;
cmd->table = xtables_strdup(table);
if (chain)
diff --git a/iptables/nft.c b/iptables/nft.c
index a470939d..c9ed38bd 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -362,10 +362,7 @@ static struct obj_update *batch_add(struct nft_handle *h, enum obj_update_type t
{
struct obj_update *obj;
- obj = calloc(1, sizeof(struct obj_update));
- if (obj == NULL)
- return NULL;
-
+ obj = xtables_calloc(1, sizeof(struct obj_update));
obj->ptr = ptr;
obj->error.lineno = h->error.lineno;
obj->type = type;
@@ -997,10 +994,7 @@ static int __add_match(struct nftnl_expr *e, struct xt_entry_match *m)
nftnl_expr_set(e, NFTNL_EXPR_MT_NAME, m->u.user.name, strlen(m->u.user.name));
nftnl_expr_set_u32(e, NFTNL_EXPR_MT_REV, m->u.user.revision);
- info = calloc(1, m->u.match_size);
- if (info == NULL)
- return -ENOMEM;
-
+ info = xtables_calloc(1, m->u.match_size);
memcpy(info, m->data, m->u.match_size - sizeof(*m));
nftnl_expr_set(e, NFTNL_EXPR_MT_INFO, info, m->u.match_size - sizeof(*m));
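Review bot: The length `m->u.match_size - sizeof(*m)` used by the `memcpy()` and `nftnl_expr_set()` lines is still computed without checking that `match_size` is at least the header size. Because `sizeof` makes the subtraction happen in `size_t`, a smaller value would wrap and the copy would run far past the `match_size`-byte buffer that `xtables_calloc()` just returned. Since the allocation line is being touched anyway, I would add a guard such as `if (m->u.match_size < sizeof(*m)) return -EINVAL;`, compute the payload length once, and allocate only that length. The `__add_target()` hunk has the same pattern with `t->u.target_size - sizeof(*t)`. Both function bodies start and end outside the hunks shown.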
@@ -1245,10 +1239,7 @@ static int __add_target(struct nftnl_expr *e, struct xt_entry_target *t)
strlen(t->u.user.name));
nftnl_expr_set_u32(e, NFTNL_EXPR_TG_REV, t->u.user.revision);
- info = calloc(1, t->u.target_size);
- if (info == NULL)
- return -ENOMEM;
-
+ info = xtables_calloc(1, t->u.target_size);
memcpy(info, t->data, t->u.target_size - sizeof(*t));
nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, info, t->u.target_size - sizeof(*t));
diff --git a/iptables/xshared.c b/iptables/xshared.c
index ed3e9c5a..2d3ef679 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -220,9 +220,7 @@ void xs_init_target(struct xtables_target *target)
{
if (target->udata_size != 0) {
free(target->udata);
- target->udata = calloc(1, target->udata_size);
- if (target->udata == NULL)
- xtables_error(RESOURCE_PROBLEM, "malloc");
+ target->udata = xtables_calloc(1, target->udata_size);
}
if (target->init != NULL)
target->init(target->t);
@@ -238,9 +236,7 @@ void xs_init_match(struct xtables_match *match)
* Same goes for target.
*/
free(match->udata);
- match->udata = calloc(1, match->udata_size);
- if (match->udata == NULL)
- xtables_error(RESOURCE_PROBLEM, "malloc");
+ match->udata = xtables_calloc(1, match->udata_size);
}
if (match->init != NULL)
match->init(match->m);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 6e35f58e..6e5ecd48 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -274,9 +274,7 @@ static struct option *merge_options(struct option *oldopts,
ebtables_globals.option_offset += OPTION_OFFSET;
*options_offset = ebtables_globals.option_offset;
- merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
- if (!merge)
- return NULL;
+ merge = xtables_malloc(sizeof(struct option) * (num_new + num_old + 1));
memcpy(merge, oldopts, num_old * sizeof(struct option));
for (i = 0; i < num_new; i++) {
merge[num_old + i] = newopts[i];
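Review bot: The size passed to `xtables_malloc()` is still the open-coded product `sizeof(struct option) * (num_new + num_old + 1)`, so neither the sum nor the multiplication is checked for wrap-around before the `memcpy()` and the loop write into `merge`. Assuming `xtables_calloc()` is a thin wrapper around calloc(), `merge = xtables_calloc(num_new + num_old + 1, sizeof(struct option));` would at least leave the multiplication check to the allocator. The counts presumably come from compiled-in option tables, so this is hardening rather than a known bug. merge_options() begins and ends outside the hunk, so any caller that still tests for a NULL return is not visible here.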
@@ -571,10 +569,7 @@ void ebt_add_match(struct xtables_match *m,
m->mflags = 0;
/* glue code for watchers */
- newnode = calloc(1, sizeof(struct ebt_match));
- if (newnode == NULL)
- xtables_error(OTHER_PROBLEM, "Unable to alloc memory");
-
+ newnode = xtables_calloc(1, sizeof(struct ebt_match));
newnode->ismatch = true;
newnode->u.match = newm;
@@ -603,10 +598,7 @@ void ebt_add_watcher(struct xtables_target *watcher,
watcher->tflags = 0;
- newnode = calloc(1, sizeof(struct ebt_match));
- if (newnode == NULL)
- xtables_error(OTHER_PROBLEM, "Unable to alloc memory");
-
+ newnode = xtables_calloc(1, sizeof(struct ebt_match));
newnode->u.watcher = clone;
for (matchp = &cs->match_list; *matchp; matchp = &(*matchp)->next)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index b261e97b..d670175d 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2353,18 +2353,11 @@ struct xt_xlate {
struct xt_xlate *xt_xlate_alloc(int size)
{
- struct xt_xlate *xl;
+ struct xt_xlate *xl = xtables_malloc(sizeof(struct xt_xlate));
int i;
- xl = malloc(sizeof(struct xt_xlate));
- if (xl == NULL)
- xtables_error(RESOURCE_PROBLEM, "OOM");
-
for (i = 0; i < __XT_XLATE_MAX; i++) {
- xl->buf[i].data = malloc(size);
- if (xl->buf[i].data == NULL)
- xtables_error(RESOURCE_PROBLEM, "OOM");
-
+ xl->buf[i].data = xtables_malloc(size);
xl->buf[i].data[0] = '\0';
xl->buf[i].size = size;
xl->buf[i].rem = size;
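Review bot: `size` is a signed `int` that goes straight into `xtables_malloc(size)`, and the next line stores to `xl->buf[i].data[0]` with no lower bound on it. With `size == 0`, an allocator that returns a non-NULL pointer for zero bytes turns that store into an out-of-bounds write, and a negative value converts to a very large `size_t` request. A guard at the top of the function, e.g. `if (size <= 0) xtables_error(OTHER_PROBLEM, "xt_xlate_alloc: invalid size %d", size);`, would make the contract explicit for this exported function. The loop body continues past the end of the hunk.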