Re: [PATCH] netfilter: x_tables: fix missing unlock if table init fails

On Fri, Oct 12, 2018 at 04:16:53PM -0700, Omar Sandoval wrote: > From: Omar Sandoval > > Commit 7dde07e9c536 ("netfilter: x_tables: unlock on error in > xt_find_table_lock()") fixed one missing unlock in xt_find_table_lock(), > but we're also missing one if t->table_init() fails. > > Fixes: b9e6

[PATCH] netfilter: x_tables: fix missing unlock if table init fails

From: Omar Sandoval Commit 7dde07e9c536 ("netfilter: x_tables: unlock on error in xt_find_table_lock()") fixed one missing unlock in xt_find_table_lock(), but we're also missing one if t->table_init() fails. Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default") Signed-off-by:

[nft PATCH] xt: Fix for covscan warning in xt_stmt_xlate()

This does not fix a real issue, target or match field should never be NULL. Also, I can't find a place where opts field is being assigned to. Still, covscan sees the NULL check and assumes that if target or match field is NULL *and* opts field is NULL as well, code ends up dereferencing the NULL t

[nft PATCH] json: Fix memleak in dup_stmt_json()

The variable 'root' is always assigned to after initialization, so there is no point in initializing it upon declaration. Fixes: e70354f53e9f6 ("libnftables: Implement JSON output support") Signed-off-by: Phil Sutter --- src/json.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --gi

[nft PATCH] parser_json: Fix for ineffective family value checks

Since handle->family is unsigned, checking for value < 0 never yields true. Overcome this by changing parse_family() to return an error code and write the parsed family value into a pointer passed as parameter. The above change required a bit more cleanup to avoid passing pointers to signed variab

[nft PATCH] libnftables: Fix memleak in nft_parse_bison_filename()

Allocated scanner object leaks when returning to caller. For some odd reason, this was missed by the commit referenced below. Fixes: bd82e03e15df8 ("libnftables: Move scanner object into struct nft_ctx") Signed-off-by: Phil Sutter --- src/libnftables.c | 7 +++ 1 file changed, 3 insertions(+

[nft PATCH] Fix memleak in netlink_parse_fwd() error path

Make sure allocated 'stmt' is freed before returning to caller. Fixes: 30d45266bf38b ("expr: extend fwd statement to support address and family") Signed-off-by: Phil Sutter --- src/netlink_delinearize.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/netlin