cache: reset filter for each command

Inconditionally reset filter for each command in the batch, this is safer.

Fixes: 3f1d3912c3a6 ("cache: filter out tables that are not requested")
Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/cache.c b/src/cache.c
index 233147649263821594d124365ef6096987a1a85e..5442da35a1294cdfd8015d9e38a92775d6cf7697 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -400,6 +400,11 @@ err_name_too_long:
        return -1;
 }
 
+static void reset_filter(struct nft_cache_filter *filter)
+{
+       memset(&filter->list, 0, sizeof(filter->list));
+}
+
 int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                       struct list_head *msgs, struct nft_cache_filter *filter,
                       unsigned int *pflags)
@@ -411,8 +416,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                if (nft_handle_validate(cmd, msgs) < 0)
                        return -1;
 
-               if (filter->list.table && cmd->op != CMD_LIST)
-                       memset(&filter->list, 0, sizeof(filter->list));
+               reset_filter(filter);
 
                switch (cmd->op) {
                case CMD_ADD: