summaryrefslogtreecommitdiffstats
path: root/iptables.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables.c')
-rw-r--r--iptables.c28
1 files changed, 25 insertions, 3 deletions
diff --git a/iptables.c b/iptables.c
index 4b0fe6c1..bec912f4 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1431,6 +1431,8 @@ delete_entry(const ipt_chainlabel chain,
ret &= iptc_delete_entry(chain, fw, mask, handle);
}
}
+ free(mask);
+
return ret;
}
@@ -1652,6 +1654,8 @@ void clear_rule_matches(struct iptables_rule_match **matches)
for (matchp = *matches; matchp;) {
tmp = matchp->next;
+ if (matchp->match->m)
+ free(matchp->match->m);
free(matchp);
matchp = tmp;
}
@@ -1685,9 +1689,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
memset(&fw, 0, sizeof(fw));
- opts = original_opts;
- global_option_offset = 0;
-
/* re-set optind to 0 in case do_command gets called
* a second time */
optind = 0;
@@ -2196,6 +2197,9 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
printf("Warning: using chain %s, not extension\n",
jumpto);
+ if (target->t)
+ free(target->t);
+
target = NULL;
}
@@ -2225,6 +2229,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
find_target(jumpto, LOAD_MUST_SUCCEED);
} else {
e = generate_entry(&fw, matches, target->t);
+ free(target->t);
}
}
@@ -2302,5 +2307,22 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
clear_rule_matches(&matches);
+ if (e != NULL) {
+ free(e);
+ e = NULL;
+ }
+
+ for (c = 0; c < nsaddrs; c++)
+ free(&saddrs[c]);
+
+ for (c = 0; c < ndaddrs; c++)
+ free(&daddrs[c]);
+
+ if (opts != original_opts) {
+ free(opts);
+ opts = original_opts;
+ global_option_offset = 0;
+ }
+
return ret;
}