[iptables,6/9] xtables: Introduce xtables_clear_iptables_command_state()

Message ID	20221130191345.14543-7-phil@nwl.cc
State	Accepted
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 6/9] xtables: Introduce xtables_clear_iptables_command_state() Date: Wed, 30 Nov 2022 20:13:42 +0100 Message-Id: <20221130191345.14543-7-phil@nwl.cc> In-Reply-To: <20221130191345.14543-1-phil@nwl.cc> References: <20221130191345.14543-1-phil@nwl.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Fix for shell testsuite '-V' option \| expand [iptables,0/9] Fix for shell testsuite '-V' option [iptables,1/9] tests: shell: Fix valgrind mode for 0008-unprivileged_0 [iptables,2/9] iptables-restore: Free handle with --test also [iptables,3/9] iptables-xml: Free allocated chain strings [iptables,4/9] nft: Plug memleak in nft_rule_zero_counters() [iptables,5/9] iptables: Plug memleaks in print_firewall() [iptables,6/9] xtables: Introduce xtables_clear_iptables_command_state() [iptables,7/9] iptables: Properly clear iptables_command_state object [iptables,8/9] xshared: Free data after printing help [iptables,9/9] libiptc: Eliminate garbage access

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 59f100af2a6b9..d670cbe629fe4 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -490,7 +490,7 @@ nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r, if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); - nft_clear_iptables_command_state(&cs); + xtables_clear_iptables_command_state(&cs); } static bool nft_arp_is_same(const struct iptables_command_state *cs_a, @@ -787,7 +787,7 @@ struct nft_family_ops nft_family_ops_arp = { }, .rule_to_cs = nft_rule_to_iptables_command_state, .init_cs = nft_arp_init_cs, - .clear_cs = nft_clear_iptables_command_state, + .clear_cs = xtables_clear_iptables_command_state, .parse_target = nft_ipv46_parse_target, .add_entry = nft_arp_add_entry, .delete_entry = nft_arp_delete_entry, diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 6c62dd46dddac..42167351710e6 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -247,7 +247,7 @@ static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r, if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); - nft_clear_iptables_command_state(&cs); + xtables_clear_iptables_command_state(&cs); } static void nft_ipv4_save_rule(const struct iptables_command_state *cs, @@ -454,7 +454,7 @@ struct nft_family_ops nft_family_ops_ipv4 = { }, .parse_target = nft_ipv46_parse_target, .rule_to_cs = nft_rule_to_iptables_command_state, - .clear_cs = nft_clear_iptables_command_state, + .clear_cs = xtables_clear_iptables_command_state, .xlate = nft_ipv4_xlate, .add_entry = nft_ipv4_add_entry, .delete_entry = nft_ipv4_delete_entry, diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 98c35afa67ad9..3a373b7eb2cfe 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -211,7 +211,7 @@ static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r, if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); - nft_clear_iptables_command_state(&cs); + xtables_clear_iptables_command_state(&cs); } static void nft_ipv6_save_rule(const struct iptables_command_state *cs, @@ -423,7 +423,7 @@ struct nft_family_ops nft_family_ops_ipv6 = { }, .parse_target = nft_ipv46_parse_target, .rule_to_cs = nft_rule_to_iptables_command_state, - .clear_cs = nft_clear_iptables_command_state, + .clear_cs = xtables_clear_iptables_command_state, .xlate = nft_ipv6_xlate, .add_entry = nft_ipv6_add_entry, .delete_entry = nft_ipv6_delete_entry, diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 63d251986f65b..f1503b6ce0cbc 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -1293,20 +1293,6 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h, return ret; } -void nft_clear_iptables_command_state(struct iptables_command_state *cs) -{ - xtables_rule_matches_free(&cs->matches); - if (cs->target) { - free(cs->target->t); - cs->target->t = NULL; - - if (cs->target == cs->target->next) { - free(cs->target); - cs->target = NULL; - } - } -} - void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy) { const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME); diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index e2c3ac7b0cc5c..07d39131cb0d6 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -216,7 +216,6 @@ void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv); bool nft_rule_to_iptables_command_state(struct nft_handle *h, const struct nftnl_rule *r, struct iptables_command_state *cs); -void nft_clear_iptables_command_state(struct iptables_command_state *cs); void print_matches_and_target(struct iptables_command_state *cs, unsigned int format); void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy); diff --git a/iptables/xshared.c b/iptables/xshared.c index d400dc595ea99..2a894c19a011d 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -1356,6 +1356,23 @@ static const char *optstring_lookup(int family) return ""; } +void xtables_clear_iptables_command_state(struct iptables_command_state *cs) +{ + xtables_rule_matches_free(&cs->matches); + if (cs->target) { + free(cs->target->t); + cs->target->t = NULL; + + free(cs->target->udata); + cs->target->udata = NULL; + + if (cs->target == cs->target->next) { + free(cs->target); + cs->target = NULL; + } + } +} + void do_parse(int argc, char *argv[], struct xt_cmd_parse *p, struct iptables_command_state *cs, struct xtables_args *args) diff --git a/iptables/xshared.h b/iptables/xshared.h index bfae4b4e1b5d3..0ed9f3c29c600 100644 --- a/iptables/xshared.h +++ b/iptables/xshared.h @@ -130,6 +130,8 @@ struct iptables_command_state { bool restore; }; +void xtables_clear_iptables_command_state(struct iptables_command_state *cs); + typedef int (*mainfunc_t)(int, char **); struct subcommand { diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index 4e8db4bedff88..e8d251b3162d9 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -336,7 +336,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[], exit(1); } - nft_clear_iptables_command_state(&cs); + h->ops->clear_cs(&cs); if (h->family == AF_INET) { free(args.s.addr.v4); diff --git a/iptables/xtables.c b/iptables/xtables.c index 70924176df8c1..22d6ea58376fc 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -262,7 +262,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, *table = p.table; - nft_clear_iptables_command_state(&cs); + h->ops->clear_cs(&cs); free(args.s.addr.ptr); free(args.s.mask.ptr);

[iptables,6/9] xtables: Introduce xtables_clear_iptables_command_state()

Commit Message

Patch