From a1d05d4c6ac02bed334c55f611bff08decff89e6 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 25 Nov 2022 19:24:38 +0100 Subject: [PATCH] iptables-restore: Free handle with --test also When running 'iptables-restore -t', valgrind reports: 1,496 (160 direct, 1,336 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4 at 0x48417E5: malloc (vg_replace_malloc.c:381) by 0x4857A46: alloc_handle (libiptc.c:1279) by 0x4857A46: iptc_init (libiptc.c:1342) by 0x1167CE: create_handle (iptables-restore.c:72) by 0x1167CE: ip46tables_restore_main (iptables-restore.c:229) by 0x116DAE: iptables_restore_main (iptables-restore.c:388) by 0x49A2349: (below main) (in /lib64/libc.so.6) Free the handle pointer before parsing the next table. Fixes: 1c9015b2cb483 ("libiptc: remove indirections") Signed-off-by: Phil Sutter (cherry picked from commit 18880dbde615449d00a3e38f3713a19d4566258e) --- iptables/iptables-restore.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index a34d95015c93c..3b821467db355 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c @@ -187,12 +187,12 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb, if (!testing) { DEBUGP("Calling commit\n"); ret = cb->ops->commit(handle); - cb->ops->free(handle); - handle = NULL; } else { DEBUGP("Not calling commit, testing\n"); ret = 1; } + cb->ops->free(handle); + handle = NULL; /* Done with the current table, release the lock. */ if (lock >= 0) { -- 2.40.0