xtables: Fix error return code in nft_chain_user_rename()
authorPhil Sutter <phil@nwl.cc>
Mon, 12 Nov 2018 13:29:47 +0000 (14:29 +0100)
committerFlorian Westphal <fw@strlen.de>
Mon, 12 Nov 2018 13:34:13 +0000 (14:34 +0100)
If the chain to rename wasn't found, the function would return -1 which
got interpreted as success.

Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft.c
iptables/tests/shell/testcases/iptables/0004-return-codes_0

index 5967b65252d40f4fb9311762a15c57469d1b41d5..e8538d38e01097fc458667805a9802a7190550db 100644 (file)
@@ -1750,14 +1750,14 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
        c = nft_chain_find(h, table, chain);
        if (c == NULL) {
                errno = ENOENT;
-               return -1;
+               return 0;
        }
        handle = nftnl_chain_get_u64(c, NFTNL_CHAIN_HANDLE);
 
        /* Now prepare the new name for the chain */
        c = nftnl_chain_alloc();
        if (c == NULL)
-               return -1;
+               return 0;
 
        nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table);
        nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)newname);
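Review bot: The allocation-failure path after `nftnl_chain_alloc()` returns 0 without setting errno, unlike the not-found path above it, which sets `errno = ENOENT` first. If the caller builds its error message from errno (not visible here), a failed allocation could be reported with a stale or unrelated reason; adding `errno = ENOMEM;` before that `return 0;` would keep the two paths consistent. The return convention that the commit message implies (0 is failure, nonzero is success) is the reverse of the usual 0/-1 style and is not documented in the hunk, so a comment above the function such as `/* Returns nonzero on success, 0 on failure with errno set. */` would help guard against the same mistake. The function's signature start and the rest of its body lie outside the hunk.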
index 34dffeee4604af2f209ea60e6244d331e4df1760..5b6e1f6f1bc7a195d28db14bc37b17649e56f1d0 100755 (executable)
@@ -23,6 +23,10 @@ cmd 1 iptables -N foo
 # iptables-nft allows this - bug or feature?
 #cmd 2 iptables -N "invalid name"
 
+# test chain rename
+cmd 0 iptables -E foo bar
+cmd 1 iptables -E foo bar
+
 # test rule adding
 cmd 0 iptables -A INPUT -j ACCEPT
 cmd 1 iptables -A noexist -j ACCEPT
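Review bot: The two added `iptables -E foo bar` lines differ only in the expected exit code, and nothing states why the second one must fail. A comment such as `# second rename must fail: foo no longer exists` above the `cmd 1` line would make the intent clear to anyone editing the script later. The rename also leaves the user chain named bar for the rest of the script, so any later case outside this hunk that still refers to foo should be checked against that.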