diff options
| author | Phil Sutter <phil@nwl.cc> | 2021-06-02 11:55:20 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2021-06-07 14:50:27 +0200 |
| commit | eab75ed36a4f204ddab0c40ba42c5a300634d5c3 (patch) | |
| tree | 33beaba88517be6c18f5d86fb6ec84ed12f9bb65 /iptables | |
| parent | ffe88f8f01263687e82ef4d3d2bdc0cb5444711e (diff) | |
nft: Avoid memleak in error path of nft_cmd_new()
If rule allocation fails, free the allocated 'cmd' before returning to
caller.
Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
| -rw-r--r-- | iptables/nft-cmd.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index f2b935c5..c3f6c14e 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -35,8 +35,10 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, if (state) { rule = nft_rule_new(h, chain, table, state); - if (!rule) + if (!rule) { + nft_cmd_free(cmd); return NULL; + } cmd->obj.rule = rule; |