authorPablo Neira Ayuso <pablo@netfilter.org>2020-06-07 17:51:42 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-06-08 00:26:09 +0200
commit1f0520a5814226961f79983c0091d07dbd6417eb (patch)
treee5ad191878d1fc1cef7f191c310c6e781bd685f9 /tests/shell
parent8d1e4ad3a2eebbb880b0ab0c1d2f01e530a15600 (diff)
netlink: release dummy rule object from netlink_parse_set_expr()
netlink_parse_set_expr() creates a dummy rule object to reuse the existing netlink parser. Release the rule object to fix a memleak. Zap the statement list to avoid a use-after-free since the statement needs to remain in place after releasing the rule. ==21601==ERROR: LeakSanitizer: detected memory leaks Direct leak of 2016 byte(s) in 4 object(s) allocated from: #0 0x7f7824b26330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330) #1 0x7f78245fcebd in xmalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:36 #2 0x7f78245fd016 in xzalloc /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:65 #3 0x7f782456f0b5 in rule_alloc /home/pablo/devel/scm/git-netfilter/nftables/src/rule.c:623 Add a test to check for set counters. SUMMARY: AddressSanitizer: 2016 byte(s) leaked in 4 allocation(s). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rwxr-xr-xtests/shell/testcases/sets/0048set_counters_018
-rw-r--r--tests/shell/testcases/sets/dumps/0048set_counters_0.nft13
2 files changed, 31 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0048set_counters_0 b/tests/shell/testcases/sets/0048set_counters_0
new file mode 100755
index 00000000..e62d25df
--- /dev/null
+++ b/tests/shell/testcases/sets/0048set_counters_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+ set y {
+ typeof ip saddr
+ counter
+ elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 }
+ }
+
+ chain z {
+ type filter hook output priority filter; policy accept;
+ ip daddr @y
+ }
+}"
+
+$NFT -f - <<< "$EXPECTED"
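Review bot: Nothing in this script lists the ruleset, so the code path named in the commit description (netlink_parse_set_expr()) is not exercised by the script itself. It is presumably reached only when the test harness lists the ruleset to compare it against the dump file added alongside, and the leak itself only becomes visible when nft is built with a sanitizer. A header comment would make that dependency explicit, e.g. `# Regression test for rule leak / use-after-free in netlink_parse_set_expr(); relies on the dump comparison and is most useful with an ASan build`. As a style point, `EXPECTED` is slightly misleading because the listed output differs from it (per-element counters are added); `RULESET` would describe it better.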
diff --git a/tests/shell/testcases/sets/dumps/0048set_counters_0.nft b/tests/shell/testcases/sets/dumps/0048set_counters_0.nft
new file mode 100644
index 00000000..2145f6b1
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0048set_counters_0.nft
@@ -0,0 +1,13 @@
+table ip x {
+ set y {
+ typeof ip saddr
+ counter
+ elements = { 192.168.10.35 counter packets 0 bytes 0, 192.168.10.101 counter packets 0 bytes 0,
+ 192.168.10.135 counter packets 0 bytes 0 }
+ }
+
+ chain z {
+ type filter hook output priority filter; policy accept;
+ ip daddr @y
+ }
+}
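Review bot: The expected dump pins `counter packets 0 bytes 0` for all three elements, while chain z sits on the output hook with `ip daddr @y`. The comparison therefore holds only if no locally generated packet to one of those addresses is seen between loading and listing. That is safe if the harness runs each test in an isolated network namespace, which cannot be confirmed from this page. Since the dump is compared literally, the assumption is better recorded in the test script, e.g. `# dump expects zero counters: assumes the test runs in its own netns`.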