xtables: do not proceed if nft_init fails

Fix a crash if nft_init fails, it happens if nfnetlink support
is not available in your Linux kernel.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/xtables-config.c b/iptables/xtables-config.c
index 12165627ce553c9053c31a64e1faea1779744095..515b18b126787a874889d9ae2d7b4940d46083e2 100644 (file)
--- a/iptables/xtables-config.c
+++ b/iptables/xtables-config.c
@@ -35,7 +35,11 @@ int xtables_config_main(int argc, char *argv[])
        else
                filename = argv[1];
 
-       nft_init(&h);
+       if (nft_init(&h) < 0) {
+                fprintf(stderr, "Failed to initialize nft: %s\n",
+                       strerror(errno));
+               return EXIT_FAILURE;
+       }
 
        return nft_xtables_config_load(&h, filename, NFT_LOAD_VERBOSE) == 0 ?
                                                    EXIT_SUCCESS : EXIT_FAILURE;

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 4f196fc67c0b8b59ae57972cbb38ad1acc4cbdd2..a5d2a65d60232024b90990aa9b8e1a63ccac7ad6 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -193,7 +193,13 @@ xtables_restore_main(int argc, char *argv[])
        init_extensions4();
 #endif
 
-       nft_init(&h);
+       if (nft_init(&h) < 0) {
+               fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+                               xtables_globals.program_name,
+                               xtables_globals.program_version,
+                               strerror(errno));
+               exit(EXIT_FAILURE);
+       }
 
        while ((c = getopt_long(argc, argv, "bcvthnM:T:46", options, NULL)) != -1) {
                switch (c) {

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 111ad4becd2f70025336b285dfc7c90fa19dd865..49b859dd562906fc9ca2297731b84b8864a5618b 100644 (file)
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -96,7 +96,13 @@ xtables_save_main(int argc, char *argv[])
        init_extensions();
        init_extensions4();
 #endif
-       nft_init(&h);
+       if (nft_init(&h) < 0) {
+               fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+                               xtables_globals.program_name,
+                               xtables_globals.program_version,
+                               strerror(errno));
+               exit(EXIT_FAILURE);
+       }
 
        while ((c = getopt_long(argc, argv, "bcdt:46", options, NULL)) != -1) {
                switch (c) {

diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 4299506a83aec88207a421637f6b85b96923e9be..3f8b981f2cc361c5d6413615df4608e9dc3f339b 100644 (file)
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -61,7 +61,13 @@ xtables_main(int argc, char *argv[])
        init_extensions4();
 #endif
 
-       nft_init(&h);
+       if (nft_init(&h) < 0) {
+               fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+                               xtables_globals.program_name,
+                               xtables_globals.program_version,
+                               strerror(errno));
+               exit(EXIT_FAILURE);
+       }
 
        ret = do_commandx(&h, argc, argv, &table);
        if (!ret) {