From: Phil Sutter <phil@nwl.cc>
To: netfilter-devel@vger.kernel.org
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [iptables PATCH 6/7] xshared: Introduce xtables_clear_args()
Date: Thu, 1 Feb 2024 14:50:56 +0100
Message-ID: <20240201135057.24828-7-phil@nwl.cc>
In-Reply-To: <20240201135057.24828-1-phil@nwl.cc>
Perform struct xtables_args object deinit in a common place, even though
it merely consists of freeing any IP addresses and masks.

This fixes a memleak in arptables-translate as the check for
h->family didn't catch the value NFPROTO_ARP.
Fixes: 5b7324e0675e3 ("nft-arp: add arptables-translate")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/ip6tables.c | 5 +----
iptables/iptables.c | 5 +----
iptables/xshared.c | 8 ++++++++
iptables/xshared.h | 2 ++
iptables/xtables-translate.c | 12 +-----------
iptables/xtables.c | 5 +----
6 files changed, 14 insertions(+), 23 deletions(-)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 4b5d4ac6878b7..f9ae18aed8041 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -892,10 +892,7 @@ int do_command6(int argc, char *argv[], char **table,
e = NULL;
}
- free(saddrs);
- free(smasks);
- free(daddrs);
- free(dmasks);
+ xtables_clear_args(&args);
xtables_free_opts(1);
return ret;
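Review bot: the removed lines in do_command6() free the bare identifiers saddrs, smasks, daddrs and dmasks, while the replacement frees members of args, and the diffstat shows no other change in this file, so those four names still exist after the patch. Please confirm, ideally in the commit message, that they alias the same args members rather than being separate pointers; otherwise this swaps four frees for four different ones and leaves the originals leaked. The same question applies to the identical do_command4() hunk in iptables.c.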
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 5ae28fe04a5f5..8eb043e9b736e 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -887,10 +887,7 @@ int do_command4(int argc, char *argv[], char **table,
e = NULL;
}
- free(saddrs);
- free(smasks);
- free(daddrs);
- free(dmasks);
+ xtables_clear_args(&args);
xtables_free_opts(1);
return ret;
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 7d073891ed5c3..0b2724a3e5162 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -2185,3 +2185,11 @@ make_delete_mask(const struct xtables_rule_match *matches,
return mask;
}
+
+void xtables_clear_args(struct xtables_args *args)
+{
+ free(args->s.addr.ptr);
+ free(args->s.mask.ptr);
+ free(args->d.addr.ptr);
+ free(args->d.mask.ptr);
+}
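Review bot: xtables_clear_args() frees the four pointers but leaves them set, so now that four callers share it, a second call on the same struct or any later read of args->s.addr.ptr becomes a double free or use after free. Consider resetting each member to NULL right after its free(), which costs nothing and makes the helper safe to call more than once on error paths.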
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 2a9cdf45f581a..7d4035ec03e52 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -333,4 +333,6 @@ unsigned char *make_delete_mask(const struct xtables_rule_match *matches,
void iface_to_mask(const char *ifname, unsigned char *mask);
+void xtables_clear_args(struct xtables_args *args);
+
#endif /* IPTABLES_XSHARED_H */
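Review bot: the new prototype is exported without a comment, and the name alone does not say what is released. A short comment above the declaration stating that it frees only the source and destination address and mask arrays, not args itself, and whether the struct may be reused afterwards, would save callers from reading xshared.c.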
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index ad44311230323..8ebe523c447f2 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -349,17 +349,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
h->ops->clear_cs(&cs);
- if (h->family == AF_INET) {
- free(args.s.addr.v4);
- free(args.s.mask.v4);
- free(args.d.addr.v4);
- free(args.d.mask.v4);
- } else if (h->family == AF_INET6) {
- free(args.s.addr.v6);
- free(args.s.mask.v6);
- free(args.d.addr.v6);
- free(args.d.mask.v6);
- }
+ xtables_clear_args(&args);
xtables_free_opts(1);
return ret;
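Review bot: freeing through .ptr in do_command_xlate() replaces frees of .v4 and .v6, which is equivalent only if those members overlay the same storage in struct xtables_args; that definition is not part of this patch, so it is worth stating in the commit message or in a comment at xtables_clear_args(). With that stated, dropping the h->family branches is the right fix, since the removed if/else if had no case for NFPROTO_ARP and any future family would have hit the same gap.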
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 22d6ea58376fc..5d73481c25761 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -264,10 +264,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
h->ops->clear_cs(&cs);
- free(args.s.addr.ptr);
- free(args.s.mask.ptr);
- free(args.d.addr.ptr);
- free(args.d.mask.ptr);
+ xtables_clear_args(&args);
xtables_free_opts(1);
return ret;
--
2.43.0
Thread overview:
2024-02-01 13:50 [iptables PATCH 0/7] A number of ASAN-identified fixes Phil Sutter
2024-02-01 13:50 ` [iptables PATCH 1/7] tests: iptables-test: Increase non-fast mode strictness Phil Sutter
2024-02-01 13:50 ` [iptables PATCH 2/7] nft: ruleparse: Add missing braces around ternary Phil Sutter
2024-02-01 13:50 ` [iptables PATCH 3/7] libxtables: Fix memleak of matches' udata Phil Sutter
2024-02-01 13:50 ` [iptables PATCH 4/7] xtables-eb: Eliminate 'opts' define Phil Sutter
2024-02-01 13:50 ` [iptables PATCH 5/7] xshared: Fix for memleak in option merging with ebtables Phil Sutter
2024-02-01 13:50 ` Phil Sutter [this message]
2024-02-01 13:50 ` [iptables PATCH 7/7] ebtables: Fix for memleak with change counters command Phil Sutter
2024-02-06 23:15 ` [iptables PATCH 0/7] A number of ASAN-identified fixes Phil Sutter