18fd73d348
- arptables-nft-helper: Remove bashisms - ebtables-helper: Drop unused variable, add a missing quote - extensions: libxt_string: Avoid buffer size warning for strncpy() - libxtables: Introduce xtables_strdup() and use it everywhere - extensions: libebt_ip6: Use xtables_ip6parse_any() - iptables-apply: Drop unused variable - nft: Avoid buffer size warnings copying iface names - nft: Avoid memleak in error path of nft_cmd_new() - libxtables: Fix memleak in xtopt_parse_hostmask() - extensions: libebt_ip6: Drop unused variables - libxtables: Drop leftover variable in xtables_numeric_to_ip6addr() Resolves: RHBZ#1938745
35 lines
954 B
Diff
35 lines
954 B
Diff
From c5188cd7e1b2d54a63dac25b6f84f2ab26f7b8fc Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Wed, 2 Jun 2021 11:55:20 +0200
|
|
Subject: [PATCH] nft: Avoid memleak in error path of nft_cmd_new()
|
|
|
|
If rule allocation fails, free the allocated 'cmd' before returning to
|
|
caller.
|
|
|
|
Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
(cherry picked from commit eab75ed36a4f204ddab0c40ba42c5a300634d5c3)
|
|
---
|
|
iptables/nft-cmd.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
|
|
index 5d33f1f00f574..9b0c964847615 100644
|
|
--- a/iptables/nft-cmd.c
|
|
+++ b/iptables/nft-cmd.c
|
|
@@ -35,8 +35,10 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
|
|
|
|
if (state) {
|
|
rule = nft_rule_new(h, chain, table, state);
|
|
- if (!rule)
|
|
+ if (!rule) {
|
|
+ nft_cmd_free(cmd);
|
|
return NULL;
|
|
+ }
|
|
|
|
cmd->obj.rule = rule;
|
|
|
|
--
|
|
2.31.1
|
|
|