From 783e9c2308e0c6a53482482cf7a6c75c975e23be Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 23 Aug 2018 17:43:27 +0200
Subject: xtables: Add missing deinitialization

These fix reports for definitely lost blocks in valgrind. Not really
memleaks, but due to nft_handle going out of scope they're counted as
lost. Still worth fixing though since it reduces noise when auditing
code for real issues.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft-shared.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'iptables/nft-shared.c')

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 62a57dd5..4557f17d 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -682,6 +682,8 @@ void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
 void nft_clear_iptables_command_state(struct iptables_command_state *cs)
 {
 	xtables_rule_matches_free(&cs->matches);
+	if (cs->target)
+		free(cs->target->t);
 }
 
 void print_header(unsigned int format, const char *chain, const char *pol,
-- 
cgit v1.2.3