From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 22 Jun 2016 17:30:21 +0000 (+0200)
Subject: set_elem: fix return in several error paths of nftnl_set_elems_parse2()
X-Git-Tag: libnftnl-1.0.7~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ec2592cd94a1e16ea1aadf6ff3632260deba600;p=thirdparty%2Flibnftnl.git

set_elem: fix return in several error paths of nftnl_set_elems_parse2()

They don't set ret to anything, and ret is not initialized, so we return
garbage.

Fixes: 59cb13b ("src: fix missing error checking in parser functions")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/set_elem.c b/src/set_elem.c
index 94b50f96..00b73273 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -393,8 +393,10 @@ static int nftnl_set_elems_parse2(struct nftnl_set *s, const struct nlattr *nest
         }
 	if (tb[NFTA_SET_ELEM_EXPR]) {
 		e->expr = nftnl_expr_parse(tb[NFTA_SET_ELEM_EXPR]);
-		if (e->expr == NULL)
+		if (e->expr == NULL) {
+			ret = -1;
 			goto out_set_elem;
+		}
 		e->flags |= (1 << NFTNL_SET_ELEM_EXPR);
 	}
 	if (tb[NFTA_SET_ELEM_USERDATA]) {
@@ -406,8 +408,10 @@ static int nftnl_set_elems_parse2(struct nftnl_set *s, const struct nlattr *nest
 
 		e->user.len  = mnl_attr_get_payload_len(tb[NFTA_SET_ELEM_USERDATA]);
 		e->user.data = malloc(e->user.len);
-		if (e->user.data == NULL)
+		if (e->user.data == NULL) {
+			ret = -1;
 			goto out_expr;
+		}
 		memcpy(e->user.data, udata, e->user.len);
 		e->flags |= (1 << NFTNL_RULE_USERDATA);
 	}