author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-07-06 13:21:34 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-07-07 08:29:20 +0200 |
commit | 8a6cdfaff058412b3d0efec45541cd7d610aeefa (patch) | |
tree | b0e0eb3ed7f83575e29cd1b39d6469d8c27847b0 | |
parent | e17337df677b1c90c4cbcc3c1576f0cbf13d5e9f (diff) |
cache: release pending rules when chain binding lookup fails
If the implicit chain is not in the cache, release pending rules in
ctx->list and report EINTR to let the cache core retry to populate a
consistent cache.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1402
Fixes: c330152b7f77 ("src: support for implicit chain bindings")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/cache.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/cache.c b/src/cache.c
index fd8df884..b6ae2310 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -847,12 +847,21 @@ static int rule_init_cache(struct netlink_ctx *ctx, struct table *table,
 chain = chain_binding_lookup(table, rule->handle.chain.name);
 if (!chain)
- return -1;
+ goto err_ctx_list;
 list_move_tail(&rule->list, &chain->rules);
 }
 return ret;
+
+err_ctx_list:
+ list_for_each_entry_safe(rule, nrule, &ctx->list, list) {
+ list_del(&rule->list);
+ rule_free(rule);
+ }
+ errno = EINTR;
+
+ return -1;
 }
 static int implicit_chain_cache(struct netlink_ctx *ctx, struct table *table, |
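Review bot: Setting `errno = EINTR` at `err_ctx_list` treats every failed `chain_binding_lookup()` as a transient inconsistency, so a miss that repeats on every dump would presumably make the cache core retry without end. The retry loop is not visible in this hunk, so it is worth confirming that it is bounded or tied to a ruleset generation change. The cleanup itself looks sound: the rule that failed the lookup appears to still be on `ctx->list` when the `goto` fires, since `list_move_tail()` only runs after the check, so the loop frees it together with the remaining pending rules. I would add a comment above the assignment, e.g. `/* binding not in cache: ruleset likely changed mid-dump, ask the cache core to retry */`, because EINTR here does not come from an interrupted syscall. `rule_init_cache` begins outside the hunk.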