From: Phil Sutter Date: Thu, 2 Aug 2018 15:05:08 +0000 (+0200) Subject: xtables: Allocate rule cache just once X-Git-Tag: v1.8.1~114 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2594475dd270e3a81033fed2e5251dbd5ce319b;p=thirdparty%2Fiptables.git xtables: Allocate rule cache just once For each parsed table, xtables-restore calls nft_table_flush() which each time allocates a new rule cache, possibly overwriting the pointer to the previously allocated one. Fix this by checking the pointer value and only allocate if it's NULL. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- diff --git a/iptables/nft.c b/iptables/nft.c index a9cb92ed..d5c4c766 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1867,9 +1867,11 @@ next: t = nftnl_table_list_iter_next(iter); } - h->rule_cache = nftnl_rule_list_alloc(); - if (h->rule_cache == NULL) - return -1; + if (!h->rule_cache) { + h->rule_cache = nftnl_rule_list_alloc(); + if (h->rule_cache == NULL) + return -1; + } err_table_iter: nftnl_table_list_iter_destroy(iter);
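Review bot: the `return -1` kept inside the new `if (!h->rule_cache)` block sits directly above the `err_table_iter:` label, so when `nftnl_rule_list_alloc()` fails the function returns without reaching `nftnl_table_list_iter_destroy(iter)` and the iterator is leaked. Since these lines are being touched anyway, consider recording the error and letting control fall through to the cleanup label instead of returning from inside the block. A smaller style point in the same block: the NULL test is written two ways, `!h->rule_cache` for the guard and `h->rule_cache == NULL` after the allocation; using one form for both would read more cleanly. A short comment above the guard stating that the cache is meant to persist across the per-table calls described in the commit message would also make the intent clear to later readers.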