|
 |
bacbc8 |
From 25d8f60537cd6a700b15941032a2b93066938af3 Mon Sep 17 00:00:00 2001
|
|
|
bacbc8 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
bacbc8 |
Date: Tue, 26 Feb 2019 22:13:38 +0100
|
|
|
bacbc8 |
Subject: [PATCH] libnftables: Print errors before freeing commands
|
|
|
bacbc8 |
|
|
|
bacbc8 |
Commands may contain data printed by an error record, so make sure
|
|
|
bacbc8 |
cmd_free() is not called before erec_print_list() has returned.
|
|
|
bacbc8 |
|
|
|
bacbc8 |
Fixes: 778de37d82e7b ("libnftables: Keep cmds list outside of parser_state")
|
|
|
bacbc8 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
bacbc8 |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
bacbc8 |
(cherry picked from commit a0da4c5bbf0d741fb815a977c945afe1b9a0739f)
|
|
|
bacbc8 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
bacbc8 |
---
|
|
|
bacbc8 |
src/libnftables.c | 4 ++--
|
|
|
bacbc8 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
bacbc8 |
|
|
|
bacbc8 |
diff --git a/src/libnftables.c b/src/libnftables.c
|
|
|
bacbc8 |
index 640693df93755..5ca8236d8ba03 100644
|
|
|
bacbc8 |
--- a/src/libnftables.c
|
|
|
bacbc8 |
+++ b/src/libnftables.c
|
|
|
bacbc8 |
@@ -457,11 +457,11 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, size_t buflen)
|
|
|
bacbc8 |
if (nft_netlink(nft, &cmds, &msgs, nft->nf_sock) != 0)
|
|
|
bacbc8 |
rc = -1;
|
|
|
bacbc8 |
err:
|
|
|
bacbc8 |
+ erec_print_list(&nft->output, &msgs, nft->debug_mask);
|
|
|
bacbc8 |
list_for_each_entry_safe(cmd, next, &cmds, list) {
|
|
|
bacbc8 |
list_del(&cmd->list);
|
|
|
bacbc8 |
cmd_free(cmd);
|
|
|
bacbc8 |
}
|
|
|
bacbc8 |
- erec_print_list(&nft->output, &msgs, nft->debug_mask);
|
|
|
bacbc8 |
iface_cache_release();
|
|
|
bacbc8 |
if (nft->scanner) {
|
|
|
bacbc8 |
scanner_destroy(nft->scanner);
|
|
|
bacbc8 |
@@ -497,11 +497,11 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
|
|
|
bacbc8 |
if (nft_netlink(nft, &cmds, &msgs, nft->nf_sock) != 0)
|
|
|
bacbc8 |
rc = -1;
|
|
|
bacbc8 |
err:
|
|
|
bacbc8 |
+ erec_print_list(&nft->output, &msgs, nft->debug_mask);
|
|
|
bacbc8 |
list_for_each_entry_safe(cmd, next, &cmds, list) {
|
|
|
bacbc8 |
list_del(&cmd->list);
|
|
|
bacbc8 |
cmd_free(cmd);
|
|
|
bacbc8 |
}
|
|
|
bacbc8 |
- erec_print_list(&nft->output, &msgs, nft->debug_mask);
|
|
|
bacbc8 |
iface_cache_release();
|
|
|
bacbc8 |
if (nft->scanner) {
|
|
|
bacbc8 |
scanner_destroy(nft->scanner);
|
|
|
bacbc8 |
--
|
|
|
bacbc8 |
2.21.0
|
|
|
bacbc8 |
|