nft: Avoid memleak in error path of nft_cmd_new()

If rule allocation fails, free the allocated 'cmd' before returning to
caller.

Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index f2b935c57dab401d366c00e7bb0cc651aa2cfde7..c3f6c14e0b99e729482f7d0349192592e6fa2b17 100644 (file)
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -35,8 +35,10 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
 
        if (state) {
                rule = nft_rule_new(h, chain, table, state);
-               if (!rule)
+               if (!rule) {
+                       nft_cmd_free(cmd);
                        return NULL;
+               }
 
                cmd->obj.rule = rule;