From: Phil Sutter <phil@nwl.cc>
Date: Tue, 5 May 2020 11:41:43 +0000 (+0200)
Subject: nft: Fix leak when deleting rules
X-Git-Tag: v1.8.5~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bbf0db5057fd39c793ab88efd7daa1fa4347cec2;p=thirdparty%2Fiptables.git

nft: Fix leak when deleting rules

For NFT_COMPAT_RULE_DELETE jobs, batch_obj_del() has to do the rule
freeing, they are no longer in cache.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/iptables/nft.c b/iptables/nft.c
index c0b5e2fc..01268f78 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2680,8 +2680,8 @@ static void batch_obj_del(struct nft_handle *h, struct obj_update *o)
 	case NFT_COMPAT_RULE_APPEND:
 	case NFT_COMPAT_RULE_INSERT:
 	case NFT_COMPAT_RULE_REPLACE:
-	case NFT_COMPAT_RULE_DELETE:
 		break;
+	case NFT_COMPAT_RULE_DELETE:
 	case NFT_COMPAT_RULE_FLUSH:
 		nftnl_rule_free(o->rule);
 		break;