
[nft] rule: fix flowtable memleaks

Message ID 20191015134833.2147-1-pablo@netfilter.org
State Superseded
Delegated to: Pablo Neira

Commit Message

Pablo Neira Ayuso Oct. 15, 2019, 1:48 p.m. UTC
[...]
==13530== 694 (536 direct, 158 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 7
==13530==    at 0x483577F: malloc (vg_replace_malloc.c:309)
==13530==    by 0x489C3A8: xmalloc (utils.c:36)
==13530==    by 0x489C479: xzalloc (utils.c:65)
==13530==    by 0x487CE1D: flowtable_alloc (rule.c:2091)
==13530==    by 0x488EC7F: netlink_delinearize_flowtable (netlink.c:1115)
==13530==    by 0x488EC7F: list_flowtable_cb (netlink.c:1151)
==13530==    by 0x4CCA424: nftnl_flowtable_list_foreach (flowtable.c:673)
==13530==    by 0x489104E: netlink_list_flowtables (netlink.c:1171)
==13530==    by 0x487BE0D: cache_init_objects (rule.c:183)
==13530==    by 0x487BE0D: cache_init (rule.c:222)
==13530==    by 0x487BE0D: cache_update (rule.c:272)
==13530==    by 0x48A12BE: nft_evaluate (libnftables.c:406)
==13530==    by 0x48A1AC1: nft_run_cmd_from_buffer (libnftables.c:447)
==13530==    by 0x10954E: main (main.c:350)

[...]
==13768== 14 (8 direct, 6 indirect) bytes in 1 blocks are definitel
==13768==    at 0x4837B65: calloc (vg_replace_malloc.c:762)
==13768==    by 0x488EDC3: netlink_delinearize_flowtable (netlink.c
==13768==    by 0x488EDC3: list_flowtable_cb (netlink.c:1151)
==13768==    by 0x4CCA424: nftnl_flowtable_list_foreach (flowtable.
==13768==    by 0x48910FE: netlink_list_flowtables (netlink.c:1171)
==13768==    by 0x487BE7D: cache_init_objects (rule.c:183)
==13768==    by 0x487BE7D: cache_init (rule.c:222)
==13768==    by 0x487BE7D: cache_update (rule.c:272)
==13768==    by 0x48A136E: nft_evaluate (libnftables.c:406)
==13768==    by 0x48A1B71: nft_run_cmd_from_buffer (libnftables.c:4
==13768==    by 0x10953E: main (main.c:326)

Fixes: db0697ce7f60 ("src: support for flowtable listing")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/rule.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Patch

diff --git a/src/rule.c b/src/rule.c
index 2d35bae44c9e..e86e1a01c6ed 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1179,6 +1179,7 @@  struct table *table_alloc(void)
 
 void table_free(struct table *table)
 {
+	struct flowtable *flowtable, *nflowtable;
 	struct chain *chain, *next;
 	struct set *set, *nset;
 	struct obj *obj, *nobj;
@@ -1191,6 +1192,8 @@  void table_free(struct table *table)
 		set_free(set);
 	list_for_each_entry_safe(obj, nobj, &table->objs, list)
 		obj_free(obj);
+	list_for_each_entry_safe(flowtable, nflowtable, &table->flowtables, list)
+		flowtable_free(flowtable);
 	handle_free(&table->handle);
 	scope_release(&table->scope);
 	xfree(table);
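Review bot: A flowtable that is still referenced elsewhere stays linked on `table->flowtables` after this loop, because `flowtable_free()` returns early while `refcnt` is positive (third hunk) and `xfree(table)` then frees the list head it points into. If any holder obtained through `flowtable_get()` can outlive the table, its `list` pointers dangle; unlinking first would avoid that, e.g. a braced loop body of `list_del(&flowtable->list);` followed by `flowtable_free(flowtable);`. The neighbouring set and obj loops follow the same pattern without unlinking, so this may be accepted practice here, but it is worth confirming that no such reference can outlive the table. The body of table_free starts outside this hunk.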
@@ -2104,8 +2107,15 @@  struct flowtable *flowtable_get(struct flowtable *flowtable)
 
 void flowtable_free(struct flowtable *flowtable)
 {
+	int i;
+
 	if (--flowtable->refcnt > 0)
 		return;
+
+	for (i = 0; i < flowtable->dev_array_len; i++)
+		xfree(flowtable->dev_array[i]);
+
+	free(flowtable->dev_array);
 	handle_free(&flowtable->handle);
 	expr_free(flowtable->priority.expr);
 	xfree(flowtable);
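Review bot: The loop calls `xfree(flowtable->dev_array[i])` on every element, which is only safe if each path that fills `dev_array` hands the flowtable heap strings it owns. The valgrind traces show only the netlink_delinearize_flowtable path, so any other path that populates the array should be checked to avoid an invalid or double free. A short comment above the loop, such as `/* dev_array and its strings are owned by the flowtable */`, would record that contract. Separately, the array is released with `free()` while everything else in the function uses `xfree()`; `xfree(flowtable->dev_array);` would be consistent. The type of `dev_array_len` is not visible in this hunk, so `int i` should be checked against it to avoid a signed/unsigned comparison.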