From patchwork Sat Dec 15 18:25:04 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Phil Sutter <phil@nwl.cc>
X-Patchwork-Id: 1013985
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netfilter-devel-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=nwl.cc
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 43HG722BR1z9s47
	for <incoming@patchwork.ozlabs.org>;
	Sun, 16 Dec 2018 05:25:17 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727403AbeLOSZQ (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Sat, 15 Dec 2018 13:25:16 -0500
Received: from orbyte.nwl.cc ([151.80.46.58]:37052 "EHLO orbyte.nwl.cc"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1727168AbeLOSZQ (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);
	Sat, 15 Dec 2018 13:25:16 -0500
Received: from localhost ([::1]:50140 helo=tatos)
	by orbyte.nwl.cc with esmtp (Exim 4.91)
	(envelope-from <phil@nwl.cc>)
	id 1gYEck-0006HQ-Og; Sat, 15 Dec 2018 19:25:14 +0100
From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH] xtables: Catch errors when zeroing rule rounters
Date: Sat, 15 Dec 2018 19:25:04 +0100
Message-Id: <20181215182504.26001-1-phil@nwl.cc>
X-Mailer: git-send-email 2.19.0
MIME-Version: 1.0
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

Covscan complained about call to batch_rule_add() not being checked.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index f9024927c0e73..ea7419b620e7a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3022,7 +3022,9 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data)
 			 * rule based on its handle only.
 			 */
 			nftnl_rule_unset(r, NFTNL_RULE_POSITION);
-			batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r);
+			ret = batch_rule_add(h, NFT_COMPAT_RULE_REPLACE, r);
+			if (ret)
+				return -1;
 		}
 		r = nftnl_rule_iter_next(iter);
 	}