rule: fix segmentation faults on kernels without nftables support

 # nft list sets
 Segmentation fault

 # nft list sets
 <cmdline>:1:1-9: Error: Could not receive sets from kernel: Protocol error
 list sets
 ^^^^^^^^^

Fix same bug in `nft list tables'.

Don't cleanup the table object for these commands since it is NULL.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/rule.c b/src/rule.c
index a79a420316b18382122754ebe00121eb0c21de93..95766646db8ec595d123bcd44ddc5cdfadca4858 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -870,7 +870,7 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 
                        if (netlink_list_tables(ctx, &cmd->handle,
                                                &cmd->location) < 0)
-                               goto err;
+                               return -1;
 
                        list_for_each_entry(table, &ctx->list, list) {
                                printf("table %s\n", table->handle.table);
@@ -882,11 +882,12 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
                return do_list_table(ctx, cmd, table);
        case CMD_OBJ_SETS:
                if (netlink_list_sets(ctx, &cmd->handle, &cmd->location) < 0)
-                       goto err;
+                       return -1;
+
                list_for_each_entry(set, &ctx->list, list){
                        if (netlink_get_setelems(ctx, &set->handle,
                                                 &cmd->location, set) < 0) {
-                               goto err;
+                               return -1;
                        }
                        set_print(set);
                }