git.ipfire.org Git - thirdparty/nftables.git/commit

author	Eric Jallot <ejallot@gmail.com>
	Mon, 30 Sep 2019 08:38:23 +0000 (10:38 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 30 Sep 2019 09:09:38 +0000 (11:09 +0200)
commit	85299177c2cb5516de7550a42fcbe80436f033ab
tree	d490e1835e182fa190edd7ed99cafbd139cc4ccc	tree
parent	11c0d38e18db57c405bcc9415d03e9e40aeac597	commit \| diff

src: obj: fix memleak in handle_free()

Using limit object as example:

# valgrind --leak-check=full nft list ruleset
==9937== Memcheck, a memory error detector
==9937== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9937== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==9937== Command: nft list ruleset
==9937==
table inet raw {
         limit lim1 {
                 rate 1/second
         }
}
==9937==
==9937== HEAP SUMMARY:
==9937==     in use at exit: 5 bytes in 1 blocks
==9937==   total heap usage: 50 allocs, 49 frees, 212,065 bytes allocated
==9937==
==9937== 5 bytes in 1 blocks are definitely lost in loss record 1 of 1
==9937==    at 0x4C29EA3: malloc (vg_replace_malloc.c:309)
==9937==    by 0x5C65AA9: strdup (strdup.c:42)
==9937==    by 0x4E720A3: xstrdup (utils.c:75)
==9937==    by 0x4E660FF: netlink_delinearize_obj (netlink.c:972)
==9937==    by 0x4E6641C: list_obj_cb (netlink.c:1064)
==9937==    by 0x50E8993: nftnl_obj_list_foreach (object.c:494)
==9937==    by 0x4E664EA: netlink_list_objs (netlink.c:1085)
==9937==    by 0x4E4FE82: cache_init_objects (rule.c:188)
==9937==    by 0x4E4FE82: cache_init (rule.c:221)
==9937==    by 0x4E4FE82: cache_update (rule.c:271)
==9937==    by 0x4E7716E: nft_evaluate (libnftables.c:406)
==9937==    by 0x4E778F7: nft_run_cmd_from_buffer (libnftables.c:447)
==9937==    by 0x40170F: main (main.c:326)

Fixes: 4756d92e517ae ("src: listing of stateful objects")
Signed-off-by: Eric Jallot <ejallot@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>