nft: cache: Review flush_cache()
authorPhil Sutter <phil@nwl.cc>
Mon, 2 Mar 2020 17:29:54 +0000 (18:29 +0100)
committerPhil Sutter <phil@nwl.cc>
Fri, 6 Mar 2020 15:56:08 +0000 (16:56 +0100)
While fixing for iptables-nft-restore under stress, I managed to hit
NULL-pointer deref in flush_cache(). Given that nftnl_*_list_free()
functions are not NULL-pointer tolerant, better make sure such are not
passed by accident.

Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft-cache.c

index 0429fb32f2ed014c0b760ab51460acf64cb04e74..0dd131e1f70f5cfab659250f5f8817fefd9e1082 100644 (file)
@@ -603,17 +603,19 @@ static int flush_cache(struct nft_handle *h, struct nft_cache *c,
                if (h->tables[i].name == NULL)
                        continue;
 
-               if (!c->table[i].chains)
-                       continue;
-
-               nftnl_chain_list_free(c->table[i].chains);
-               c->table[i].chains = NULL;
-               if (c->table[i].sets)
+               if (c->table[i].chains) {
+                       nftnl_chain_list_free(c->table[i].chains);
+                       c->table[i].chains = NULL;
+               }
+               if (c->table[i].sets) {
                        nftnl_set_list_free(c->table[i].sets);
-               c->table[i].sets = NULL;
+                       c->table[i].sets = NULL;
+               }
+       }
+       if (c->tables) {
+               nftnl_table_list_free(c->tables);
+               c->tables = NULL;
        }
-       nftnl_table_list_free(c->tables);
-       c->tables = NULL;
 
        return 1;
 }
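Review bot: The three new NULL guards (around `nftnl_chain_list_free()`, `nftnl_set_list_free()` and `nftnl_table_list_free()`) have no comment saying why they are required, so a later cleanup could fold them back into unconditional calls and bring the crash back. A one-line comment above the first guard would record the constraint, e.g. `/* nftnl_*_list_free() are not NULL-tolerant, so guard each call */`. Resetting each pointer to NULL inside its guard is worth keeping as written, since it protects a repeated flush from freeing the same list twice. The body of flush_cache() starts outside this hunk, so any free calls earlier in the function cannot be checked from here and may need the same guard.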