[PATCH 1/2 nft] mnl: immediately return on errors in mnl_nft_ruleset

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 1/2 nft] mnl: immediately return on errors in mnl_nft_ruleset_dump()
@ 2014-07-12 12:47 Pablo Neira Ayuso
  0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2014-07-12 12:47 UTC (permalink / raw)
  To: netfilter-devel; +Cc: arturo.borrero.glez

If this fails to fetch any of the objects, stop handling inmediately.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/mnl.c |   47 ++++++++++++++++++++++++-----------------------
 1 file changed, 24 insertions(+), 23 deletions(-)

diff --git a/src/mnl.c b/src/mnl.c
index a816106..a843fdc 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -908,41 +908,42 @@ struct nft_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock,
 		memory_allocation_error();
 
 	t = mnl_nft_table_dump(nf_sock, family);
-	if (t != NULL)
-		nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_TABLELIST, t);
+	if (t == NULL)
+		goto err;
+
+	nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_TABLELIST, t);
 
 	c = mnl_nft_chain_dump(nf_sock, family);
-	if (c != NULL)
-		nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_CHAINLIST, c);
+	if (c == NULL)
+		goto err;
+
+	nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_CHAINLIST, c);
 
 	sl = mnl_nft_set_dump(nf_sock, family, NULL);
-	if (sl != NULL) {
-		i = nft_set_list_iter_create(sl);
-		s = nft_set_list_iter_next(i);
-		while (s != NULL) {
-			ret = mnl_nft_setelem_get(nf_sock, s);
-			if (ret != 0)
-				goto out;
+	if (sl == NULL)
+		goto err;
 
-			s = nft_set_list_iter_next(i);
-		}
-		nft_set_list_iter_destroy(i);
+	i = nft_set_list_iter_create(sl);
+	s = nft_set_list_iter_next(i);
+	while (s != NULL) {
+		ret = mnl_nft_setelem_get(nf_sock, s);
+		if (ret < 0)
+			goto err;
 
-		nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_SETLIST, sl);
+		s = nft_set_list_iter_next(i);
 	}
+	nft_set_list_iter_destroy(i);
+
+	nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_SETLIST, sl);
 
 	r = mnl_nft_rule_dump(nf_sock, family);
-	if (r != NULL)
-		nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_RULELIST, r);
+	if (r == NULL)
+		goto err;
 
-	if (!(nft_ruleset_attr_is_set(rs, NFT_RULESET_ATTR_TABLELIST)) &&
-	    !(nft_ruleset_attr_is_set(rs, NFT_RULESET_ATTR_CHAINLIST)) &&
-	    !(nft_ruleset_attr_is_set(rs, NFT_RULESET_ATTR_SETLIST)) &&
-	    !(nft_ruleset_attr_is_set(rs, NFT_RULESET_ATTR_RULELIST)))
-		goto out;
+	nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_RULELIST, r);
 
 	return rs;
-out:
+err:
 	nft_ruleset_free(rs);
 	return NULL;
 }
-- 
1.7.10.4


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2014-07-12 12:47 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-12 12:47 [PATCH 1/2 nft] mnl: immediately return on errors in mnl_nft_ruleset_dump() Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).