From patchwork Tue Aug 8 18:53:46 2017
X-Patchwork-Submitter: "Pablo M. Bermudo Garay"
X-Patchwork-Id: 799405
X-Patchwork-Delegate: pablo@netfilter.org
From: "Pablo M. Bermudo Garay"
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org, "Pablo M. Bermudo Garay"
Subject: [PATCH iptables 2/2] xtables-compat: fix memory leak when listing
Date: Tue, 8 Aug 2017 20:53:46 +0200
Message-Id: <20170808185346.3183-2-pablombg@gmail.com>
X-Mailer: git-send-email 2.13.2
In-Reply-To: <20170808185346.3183-1-pablombg@gmail.com>
References: <20170808185346.3183-1-pablombg@gmail.com>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

The following memory leaks are detected by valgrind when
ip[6]tables-compat is used for listing operations:

==1604== 1,064 (120 direct, 944 indirect) bytes in 5 blocks are definitely lost in loss record 21 of 27
==1604==    at 0x4C2BBEF: malloc (vg_replace_malloc.c:299)
==1604==    by 0x56ABB78: xtables_malloc (in /usr/local/lib/libxtables.so.12.0.0)
==1604==    by 0x56AC7D3: xtables_find_match (in /usr/local/lib/libxtables.so.12.0.0)
==1604==    by 0x11F502: nft_parse_match (in /usr/local/sbin/xtables-compat-multi)
==1604==    by 0x11FC7B: nft_rule_to_iptables_command_state (in /usr/local/sbin/xtables-compat-multi)
==1604==    by 0x1218C0: nft_ipv4_print_firewall (nft-ipv4.c:301)
==1604==    by 0x11CBEB: __nft_rule_list (nft.c:2042)
==1604==    by 0x11CEA4: nft_rule_list (nft.c:2126)
==1604==    by 0x116A7F: list_entries (xtables.c:592)
==1604==    by 0x118B26: do_commandx (xtables.c:1233)
==1604==    by 0x115AE8: xtables_main (in /usr/local/sbin/xtables-compat-multi)
==1604==    by 0x115BCB: xtables_ip4_main (in /usr/local/sbin/xtables-compat-multi)
==1604==
==1604== 135,168 bytes in 1 blocks are definitely lost in loss record 25 of 27
==1604==    at 0x4C2BBEF: malloc (vg_replace_malloc.c:299)
==1604==    by 0x119072: mnl_nftnl_batch_alloc (nft.c:102)
==1604==    by 0x11A311: nft_init (nft.c:777)
==1604==    by 0x115A71: xtables_main (in /usr/local/sbin/xtables-compat-multi)
==1604==    by 0x115BCB: xtables_ip4_main (in /usr/local/sbin/xtables-compat-multi)
==1604==    by
0x12F911: subcmd_main (in /usr/local/sbin/xtables-compat-multi) ==1604== by 0x10F636: main (in /usr/local/sbin/xtables-compat-multi) ==1604== ==1604== 135,168 bytes in 1 blocks are definitely lost in loss record 26 of 27 ==1604== at 0x4C2BBEF: malloc (vg_replace_malloc.c:299) ==1604== by 0x119072: mnl_nftnl_batch_alloc (nft.c:102) ==1604== by 0x11910C: mnl_nftnl_batch_page_add (nft.c:122) ==1604== by 0x11D8FE: nft_action (nft.c:2402) ==1604== by 0x11D957: nft_commit (nft.c:2413) ==1604== by 0x11CCB7: nft_rule_list (nft.c:2076) ==1604== by 0x116A7F: list_entries (xtables.c:592) ==1604== by 0x118B26: do_commandx (xtables.c:1233) ==1604== by 0x115AE8: xtables_main (in /usr/local/sbin/xtables-compat-multi) ==1604== by 0x115BCB: xtables_ip4_main (in /usr/local/sbin/xtables-compat-multi) ==1604== by 0x12F911: subcmd_main (in /usr/local/sbin/xtables-compat-multi) ==1604== by 0x10F636: main (in /usr/local/sbin/xtables-compat-multi) Fix these memory leaks. Signed-off-by: Pablo M. Bermudo Garay --- iptables/nft-ipv4.c | 2 ++ iptables/nft-ipv6.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index cf311513..00dd3e93 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -320,6 +320,8 @@ static void nft_ipv4_print_firewall(struct nftnl_rule *r, unsigned int num, if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); + + xtables_rule_matches_free(&cs.matches); } static void save_ipv4_addr(char letter, const struct in_addr *addr, diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 53526369..9867d1ee 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -251,6 +251,8 @@ static void nft_ipv6_print_firewall(struct nftnl_rule *r, unsigned int num, if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); + + xtables_rule_matches_free(&cs.matches); } static void save_ipv6_addr(char letter, const struct in6_addr *addr,
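Review bot: in the nft-ipv4.c hunk, the added xtables_rule_matches_free(&cs.matches) at the end of nft_ipv4_print_firewall() accounts only for the first valgrind record, the xtables_find_match allocation reached through nft_parse_match. The two 135,168-byte records come from mnl_nftnl_batch_alloc in nft.c (via nft_init and via nft_commit from nft_rule_list), and the diffstat touches only nft-ipv4.c and nft-ipv6.c, so nothing visible here releases them. The commit message should say which of the listed leaks this patch closes, or the batch pages need their own release. Because the call sits after the last statement of the function, please also confirm that no earlier return between the nft_rule_to_iptables_command_state() call and this point leaves cs.matches unfreed.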
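Review bot: in the nft-ipv6.c hunk, the call added at the end of nft_ipv6_print_firewall() is not backed by any trace in the commit message: every record shown goes through nft_ipv4_print_firewall and xtables_ip4_main. Please include the ip6tables-compat valgrind result, or state that the IPv6 listing path was checked after the change, so the "ip[6]tables-compat" claim in the message is supported for both families. The cleanup is now duplicated verbatim in two files; a short comment at each site saying that the matches were allocated while converting the rule to the command state would make the ownership clear to the next reader.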