From 91ae12e3f1c3b78acfb7b7c88e4d5a61efdb1d63 Mon Sep 17 00:00:00 2001 From: "Pablo M. Bermudo Garay" Date: Tue, 8 Aug 2017 20:53:45 +0200 Subject: xtables-compat-restore: fix several memory leaks The following memory leaks are detected by valgrind when ip[6]tables-compat-restore is executed: valgrind --leak-check=full iptables-compat-restore test-ruleset ==2548== 16 bytes in 1 blocks are definitely lost in loss record 1 of 20 ==2548== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711) ==2548== by 0x4E39D67: __mnl_socket_open (socket.c:110) ==2548== by 0x4E39DDE: mnl_socket_open (socket.c:133) ==2548== by 0x11A48E: nft_init (nft.c:765) ==2548== by 0x11589F: xtables_restore_main (xtables-restore.c:463) ==2548== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) ==2548== by 0x12FF39: subcmd_main (xshared.c:211) ==2548== by 0x10F63C: main (xtables-compat-multi.c:41) ==2548== ==2548== 16 bytes in 1 blocks are definitely lost in loss record 2 of 20 ==2548== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711) ==2548== by 0x504C7CD: nftnl_chain_list_alloc (chain.c:874) ==2548== by 0x11B2DB: nftnl_chain_list_get (nft.c:1194) ==2548== by 0x11B377: nft_chain_dump (nft.c:1210) ==2548== by 0x114DF9: get_chain_list (xtables-restore.c:167) ==2548== by 0x114EF8: xtables_restore_parse (xtables-restore.c:217) ==2548== by 0x115B43: xtables_restore_main (xtables-restore.c:526) ==2548== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) ==2548== by 0x12FF39: subcmd_main (xshared.c:211) ==2548== by 0x10F63C: main (xtables-compat-multi.c:41) ==2548== ==2548== 40 bytes in 1 blocks are definitely lost in loss record 5 of 20 ==2548== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711) ==2548== by 0x56ABB99: xtables_calloc (xtables.c:291) ==2548== by 0x116DA7: command_jump (xtables.c:623) ==2548== by 0x117D5B: do_parse (xtables.c:923) ==2548== by 0x1188BA: do_commandx (xtables.c:1183) ==2548== by 0x115655: xtables_restore_parse (xtables-restore.c:405) ==2548== by 0x115B43: xtables_restore_main (xtables-restore.c:526) ==2548== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) ==2548== by 0x12FF39: subcmd_main (xshared.c:211) ==2548== by 0x10F63C: main (xtables-compat-multi.c:41) ==2548== ==2548== 40 bytes in 1 blocks are definitely lost in loss record 6 of 20 ==2548== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299) ==2548== by 0x4E3AE07: mnl_nlmsg_batch_start (nlmsg.c:441) ==2548== by 0x1192B7: mnl_nftnl_batch_alloc (nft.c:106) ==2548== by 0x11931A: mnl_nftnl_batch_page_add (nft.c:122) ==2548== by 0x11DB0C: nft_action (nft.c:2402) ==2548== by 0x11DB65: nft_commit (nft.c:2413) ==2548== by 0x114FBB: xtables_restore_parse (xtables-restore.c:238) ==2548== by 0x115B43: xtables_restore_main (xtables-restore.c:526) ==2548== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) ==2548== by 0x12FF39: subcmd_main (xshared.c:211) ==2548== by 0x10F63C: main (xtables-compat-multi.c:41) ==2548== ==2548== 80 bytes in 5 blocks are definitely lost in loss record 8 of 20 ==2548== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711) ==2548== by 0x50496FE: nftnl_table_list_alloc (table.c:433) ==2548== by 0x11DF88: nft_xtables_config_load (nft.c:2539) ==2548== by 0x11B037: nft_rule_append (nft.c:1116) ==2548== by 0x116639: add_entry (xtables.c:429) ==2548== by 0x118A3B: do_commandx (xtables.c:1187) ==2548== by 0x115655: xtables_restore_parse (xtables-restore.c:405) ==2548== by 0x115B43: xtables_restore_main (xtables-restore.c:526) ==2548== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) ==2548== by 0x12FF39: subcmd_main (xshared.c:211) ==2548== by 0x10F63C: main (xtables-compat-multi.c:41) ==2548== ==2548== 80 bytes in 5 blocks are definitely lost in loss record 9 of 20 ==2548== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711) ==2548== by 0x504C7CD: nftnl_chain_list_alloc (chain.c:874) ==2548== by 0x11DF91: nft_xtables_config_load (nft.c:2540) ==2548== by 0x11B037: nft_rule_append (nft.c:1116) ==2548== by 0x116639: add_entry (xtables.c:429) ==2548== by 0x118A3B: do_commandx (xtables.c:1187) ==2548== by 0x115655: xtables_restore_parse (xtables-restore.c:405) ==2548== by 0x115B43: xtables_restore_main (xtables-restore.c:526) ==2548== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) ==2548== by 0x12FF39: subcmd_main (xshared.c:211) ==2548== by 0x10F63C: main (xtables-compat-multi.c:41) ==2548== ==2548== 135,168 bytes in 1 blocks are definitely lost in loss record 19 of 20 ==2548== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299) ==2548== by 0x119280: mnl_nftnl_batch_alloc (nft.c:102) ==2548== by 0x11A51F: nft_init (nft.c:777) ==2548== by 0x11589F: xtables_restore_main (xtables-restore.c:463) ==2548== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) ==2548== by 0x12FF39: subcmd_main (xshared.c:211) ==2548== by 0x10F63C: main (xtables-compat-multi.c:41) An additional leak occurs if a rule-set already exits: ==2735== 375 (312 direct, 63 indirect) bytes in 3 blocks are definitely lost in loss record 19 of 24 ==2735== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711) ==2735== by 0x504AAE9: nftnl_chain_alloc (chain.c:92) ==2735== by 0x11B1F1: nftnl_chain_list_cb (nft.c:1172) ==2735== by 0x4E3A2E8: __mnl_cb_run (callback.c:78) ==2735== by 0x4E3A4A7: mnl_cb_run (callback.c:162) ==2735== by 0x11920D: mnl_talk (nft.c:70) ==2735== by 0x11B343: nftnl_chain_list_get (nft.c:1203) ==2735== by 0x11B377: nft_chain_dump (nft.c:1210) ==2735== by 0x114DF9: get_chain_list (xtables-restore.c:167) ==2735== by 0x114EF8: xtables_restore_parse (xtables-restore.c:217) ==2735== by 0x115B43: xtables_restore_main (xtables-restore.c:526) ==2735== by 0x115B88: xtables_ip4_restore_main (xtables-restore.c:534) Fix these memory leaks. Signed-off-by: Pablo M. Bermudo Garay Signed-off-by: Pablo Neira Ayuso --- iptables/xtables.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'iptables/xtables.c') diff --git a/iptables/xtables.c b/iptables/xtables.c index 286866f7..ac113254 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1281,6 +1281,8 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, *table = p.table; xtables_rule_matches_free(&cs.matches); + if (cs.target) + free(cs.target->t); if (h->family == AF_INET) { free(args.s.addr.v4); -- cgit v1.2.3