From: Phil Sutter <phil@nwl.cc>
Date: Wed, 31 Jan 2024 21:45:07 +0000 (+0100)
Subject: ebtables: Fix for memleak with change counters command
X-Git-Tag: v1.8.11~86
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11c77ed471f2d8a6dc60c17aef1e1a3b52ff3591;p=thirdparty%2Fiptables.git

ebtables: Fix for memleak with change counters command

Just like with check command, change counters command creates a
temporary rule from rulespec on command line for a search by spec in
rule cache. It is not used anymore afterwards, so nft_cmd_free() should
free it.

Fixes: f340b7b6816be ("ebtables: Implement --change-counters command")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 8372d171..b38da9bd 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -65,6 +65,7 @@ void nft_cmd_free(struct nft_cmd *cmd)
 	switch (cmd->command) {
 	case NFT_COMPAT_RULE_CHECK:
 	case NFT_COMPAT_RULE_DELETE:
+	case NFT_COMPAT_RULE_CHANGE_COUNTERS:
 		if (cmd->obj.rule)
 			nftnl_rule_free(cmd->obj.rule);
 		break;