37 lines
982 B
Diff
37 lines
982 B
Diff
From eab75ed36a4f204ddab0c40ba42c5a300634d5c3 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Wed, 2 Jun 2021 11:55:20 +0200
|
|
Subject: nft: Avoid memleak in error path of nft_cmd_new()
|
|
|
|
If rule allocation fails, free the allocated 'cmd' before returning to
|
|
caller.
|
|
|
|
Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
Conflict:NA
|
|
Reference:https://git.netfilter.org/iptables/commit/?id=eab75ed36a4f204ddab0c40ba42c5a300634d5c3
|
|
---
|
|
iptables/nft-cmd.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
|
|
index f2b935c5..c3f6c14e 100644
|
|
--- a/iptables/nft-cmd.c
|
|
+++ b/iptables/nft-cmd.c
|
|
@@ -35,8 +35,10 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
|
|
|
|
if (state) {
|
|
rule = nft_rule_new(h, chain, table, state);
|
|
- if (!rule)
|
|
+ if (!rule) {
|
|
+ nft_cmd_free(cmd);
|
|
return NULL;
|
|
+ }
|
|
|
|
cmd->obj.rule = rule;
|
|
|
|
--
|
|
cgit v1.2.3
|
|
|