From 1c305050b37bef63a255570c27f0eead0cb4b582 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 3 Oct 2018 16:05:32 +0200
Subject: [PATCH] rule: fix memleak in do_get_setelems()

Release set and elements in case of error.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 406d17db7e02f78d258edb38ac8571112ef8c767)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 src/rule.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/rule.c b/src/rule.c
index 3065cc5474bbf..a157ac91683cc 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1911,17 +1911,15 @@ static int do_get_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
 	/* Fetch from kernel the elements that have been requested .*/
 	err = netlink_get_setelem(ctx, &cmd->handle, &cmd->location,
 				  table, new_set, init);
-	if (err < 0)
-		return err;
-
-	__do_list_set(ctx, cmd, table, new_set);
+	if (err >= 0)
+		__do_list_set(ctx, cmd, table, new_set);
 
 	if (set->flags & NFT_SET_INTERVAL)
 		expr_free(init);
 
 	set_free(new_set);
 
-	return 0;
+	return err;
 }
 
 static int do_command_get(struct netlink_ctx *ctx, struct cmd *cmd)
-- 
2.19.0