nftables/SOURCES/0013-rule-fix-memleak-in-do_get_setelems.patch

From 1c305050b37bef63a255570c27f0eead0cb4b582 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 3 Oct 2018 16:05:32 +0200
Subject: [PATCH] rule: fix memleak in do_get_setelems()

Release set and elements in case of error.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 406d17db7e02f78d258edb38ac8571112ef8c767)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 src/rule.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/rule.c b/src/rule.c
index 3065cc5474bbf..a157ac91683cc 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1911,17 +1911,15 @@ static int do_get_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
 	/* Fetch from kernel the elements that have been requested .*/
 	err = netlink_get_setelem(ctx, &cmd->handle, &cmd->location,
 				  table, new_set, init);
-	if (err < 0)
-		return err;
-
-	__do_list_set(ctx, cmd, table, new_set);
+	if (err >= 0)
+		__do_list_set(ctx, cmd, table, new_set);
 
 	if (set->flags & NFT_SET_INTERVAL)
 		expr_free(init);
 
 	set_free(new_set);
 
-	return 0;
+	return err;
 }
 
 static int do_command_get(struct netlink_ctx *ctx, struct cmd *cmd)
-- 
2.19.0
import nftables-0.9.0-8.el8 2019-08-02 16:21:10 +00:00			`From 1c305050b37bef63a255570c27f0eead0cb4b582 Mon Sep 17 00:00:00 2001`
			`From: Pablo Neira Ayuso <pablo@netfilter.org>`
			`Date: Wed, 3 Oct 2018 16:05:32 +0200`
			`Subject: [PATCH] rule: fix memleak in do_get_setelems()`

			`Release set and elements in case of error.`

			`Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>`
			`(cherry picked from commit 406d17db7e02f78d258edb38ac8571112ef8c767)`
			`Signed-off-by: Phil Sutter <psutter@redhat.com>`
			`---`
			`src/rule.c \| 8 +++-----`
			`1 file changed, 3 insertions(+), 5 deletions(-)`

			`diff --git a/src/rule.c b/src/rule.c`
			`index 3065cc5474bbf..a157ac91683cc 100644`
			`--- a/src/rule.c`
			`+++ b/src/rule.c`
			`@@ -1911,17 +1911,15 @@ static int do_get_setelems(struct netlink_ctx ctx, struct cmd cmd,`
			`/* Fetch from kernel the elements that have been requested .*/`
			`err = netlink_get_setelem(ctx, &cmd->handle, &cmd->location,`
			`table, new_set, init);`
			`- if (err < 0)`
			`- return err;`
			`-`
			`- __do_list_set(ctx, cmd, table, new_set);`
			`+ if (err >= 0)`
			`+ __do_list_set(ctx, cmd, table, new_set);`

			`if (set->flags & NFT_SET_INTERVAL)`
			`expr_free(init);`

			`set_free(new_set);`

			`- return 0;`
			`+ return err;`
			`}`

			`static int do_command_get(struct netlink_ctx ctx, struct cmd cmd)`
			`--`
			`2.19.0`