From 783e9c2308e0c6a53482482cf7a6c75c975e23be Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 23 Aug 2018 17:43:27 +0200 Subject: xtables: Add missing deinitialization These fix reports for definitely lost blocks in valgrind. Not really memleaks, but due to nft_handle going out of scope they're counted as lost. Still worth fixing though since it reduces noise when auditing code for real issues. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- iptables/nft-arp.c | 2 +- iptables/nft-shared.c | 2 ++ iptables/xtables-save.c | 9 +++++---- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 2843c440..7332b619 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -691,7 +691,7 @@ struct nft_family_ops nft_family_ops_arp = { .save_chain = nft_arp_save_chain, .post_parse = NULL, .rule_to_cs = nft_arp_rule_to_cs, - .clear_cs = NULL, + .clear_cs = nft_clear_iptables_command_state, .rule_find = nft_arp_rule_find, .parse_target = nft_arp_parse_target, }; diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 62a57dd5..4557f17d 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -682,6 +682,8 @@ void nft_rule_to_iptables_command_state(const struct nftnl_rule *r, void nft_clear_iptables_command_state(struct iptables_command_state *cs) { xtables_rule_matches_free(&cs->matches); + if (cs->target) + free(cs->target->t); } void print_header(unsigned int format, const char *chain, const char *pol, diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index 182ae13c..6734c6b3 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -203,12 +203,12 @@ xtables_save_main(int family, const char *progname, int argc, char *argv[]) exit(EXIT_FAILURE); } - if (dump) { - do_output(&h, tablename, show_counters); + ret = do_output(&h, tablename, show_counters); + nft_fini(&h); + if (dump) exit(0); - } - return do_output(&h, tablename, show_counters); + return ret; } int xtables_ip4_save_main(int argc, char *argv[]) @@ -325,5 +325,6 @@ int xtables_arp_save_main(int argc, char **argv) nft_chain_save(&h, nft_chain_dump(&h), "filter"); nft_rule_save(&h, "filter", FMT_NOCOUNTS); printf("\n"); + nft_fini(&h); return 0; } -- cgit v1.2.3