From 85d7df90ed505d8de7ff27cc5106492049756f4e Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Mon, 12 Nov 2018 14:29:47 +0100
Subject: xtables: Fix error return code in nft_chain_user_rename()

If the chain to rename wasn't found, the function would return -1 which got interpreted as success.

Signed-off-by: Phil Sutter
---
 iptables/nft.c | 4 ++--
 iptables/tests/shell/testcases/iptables/0004-return-codes_0 | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 5967b652..e8538d38 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1750,14 +1750,14 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
 c = nft_chain_find(h, table, chain);
 if (c == NULL) {
 errno = ENOENT;
- return -1;
+ return 0;
 }
 handle = nftnl_chain_get_u64(c, NFTNL_CHAIN_HANDLE);
 /* Now prepare the new name for the chain */
 c = nftnl_chain_alloc();
 if (c == NULL)
- return -1;
+ return 0;
 nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table);
 nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)newname);
diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
index 34dffeee..5b6e1f6f 100755
--- a/iptables/tests/shell/testcases/iptables/0004-return-codes_0
+++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
@@ -23,6 +23,10 @@ cmd 1 iptables -N foo
 # iptables-nft allows this - bug or feature?
 #cmd 2 iptables -N "invalid name"
+# test chain rename
+cmd 0 iptables -E foo bar
+cmd 1 iptables -E foo bar
+
 # test rule adding
 cmd 0 iptables -A INPUT -j ACCEPT
 cmd 1 iptables -A noexist -j ACCEPT
--
cgit v1.2.3
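Review bot: In iptables/nft.c, the allocation-failure branch after `nftnl_chain_alloc()` now returns 0 but, unlike the not-found branch above it, leaves errno at whatever the allocator happened to set. If the caller builds its error message from errno (likely, given the explicit `errno = ENOENT`), setting it here keeps the report reliable: `if (c == NULL) { errno = ENOMEM; return 0; }`. Because 0 means failure in this function, the reverse of the usual C convention and the cause of the bug fixed here, a comment above nft_chain_user_rename() such as `/* Returns 0 on failure with errno set, non-zero on success. */` would help; the success value is inferred from the commit message, so confirm it. The function starts and ends outside the hunk, so other return paths could not be checked for a remaining `-1`, which matters because a firewall tool that reports a failed rename as success lets provisioning scripts carry on against a ruleset that was never changed.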
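Review bot: In 0004-return-codes_0, the second `cmd 1 iptables -E foo bar` runs when `foo` is gone and `bar` already exists, so the expected failure does not show which of the two conditions produced it. To pin the not-found path that the nft.c change fixes, rename the missing chain to an unused name, for example `cmd 1 iptables -E foo baz`, and keep a separate case for renaming onto an existing chain if that is meant to fail as well. A short comment on each line naming the error it expects would make the intent clear. The lines after the hunk are not visible here, so check that nothing later in the script still expects a chain named `foo`.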