nft: Fix leak when replacing a rule
authorPhil Sutter <phil@nwl.cc>
Wed, 6 May 2020 11:33:20 +0000 (13:33 +0200)
committerPhil Sutter <phil@nwl.cc>
Mon, 11 May 2020 12:28:29 +0000 (14:28 +0200)
If nft_rule_append() is called with a reference rule, it is supposed to
insert the new rule at the reference position and then remove the
reference from cache. Instead, it removed the new rule from cache again
right after inserting it. It also failed to free the removed rule.

Fixes: 5ca9acf51adf9 ("xtables: Fix position of replaced rules in cache")
Signed-off-by: Phil Sutter <phil@nwl.cc>
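--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1429,7 +1429,8 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
 
        if (ref) {
                nftnl_chain_rule_insert_at(r, ref);
-               nftnl_chain_rule_del(r);
+               nftnl_chain_rule_del(ref);
+               nftnl_rule_free(ref);
        } else {
                c = nft_chain_find(h, table, chain);
                if (!c) {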
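Review bot: With the added `nftnl_rule_free(ref)` the reference rule is now owned and destroyed by nft_rule_append, so any caller that still holds `ref` after the call is left with a dangling pointer, and nothing in the hunk documents that ownership transfer. A comment on the branch such as `/* ref is unlinked from the chain and freed here; the caller must not use it afterwards */` would make the contract explicit, and the same should appear in the function's header comment. It is also worth confirming that every caller passes a `ref` that is actually linked into the chain's rule list, since `nftnl_chain_rule_del(ref)` presumably assumes a linked rule; I cannot verify that from this hunk. The body of nft_rule_append starts before and continues after the hunk.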