xtables: Catch errors when zeroing rule rounters

Covscan complained about call to batch_rule_add() not being checked.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/nft.c b/iptables/nft.c
index 2fa973cf0397521b1dab9b5d85fb6408ec11975b..8d0d10177f5eda2fde535b24d89c74da6e590af1 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2991,7 +2991,9 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data)
                         * rule based on its handle only.
                         */
                        nftnl_rule_unset(r, NFTNL_RULE_POSITION);
-                       batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r);
+                       ret = batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r);
+                       if (ret)
+                               return -1;
                }
                r = nftnl_rule_iter_next(iter);
        }