From 381b5569eb256e13346cff902d6ceed42cb441ad Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 5 May 2020 19:36:13 +0200 Subject: nft: Use clear_cs() instead of open coding In a few places, initialized struct iptables_command_state was not fully deinitialized. Change them to call nft_clear_iptables_command_state() which does it properly. Signed-off-by: Phil Sutter --- iptables/nft-ipv4.c | 2 +- iptables/nft-ipv6.c | 2 +- iptables/xtables-arp.c | 4 +--- iptables/xtables.c | 6 +----- 4 files changed, 4 insertions(+), 10 deletions(-) (limited to 'iptables') diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 70634f8f..69691fe2 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -288,7 +288,7 @@ static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r, if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); - xtables_rule_matches_free(&cs.matches); + nft_clear_iptables_command_state(&cs); } static void save_ipv4_addr(char letter, const struct in_addr *addr, diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index d01491bf..76f2613d 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -217,7 +217,7 @@ static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r, if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); - xtables_rule_matches_free(&cs.matches); + nft_clear_iptables_command_state(&cs); } static void save_ipv6_addr(char letter, const struct in6_addr *addr, diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index a0136059..e64938fb 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -1019,9 +1019,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, free(daddrs); free(dmasks); - if (cs.target) - free(cs.target->t); - + nft_clear_iptables_command_state(&cs); xtables_free_opts(1); /* if (verbose > 1) diff --git a/iptables/xtables.c b/iptables/xtables.c index c180af13..63a37ae8 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1138,11 +1138,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, *table = p.table; - xtables_rule_matches_free(&cs.matches); - if (cs.target) { - free(cs.target->t); - cs.target->t = NULL; - } + nft_clear_iptables_command_state(&cs); if (h->family == AF_INET) { free(args.s.addr.v4); -- cgit v1.2.3