1From 18880dbde615449d00a3e38f3713a19d4566258e Mon Sep 17 00:00:00 2001 2From: Phil Sutter <phil@nwl.cc> 3Date: Fri, 25 Nov 2022 19:24:38 +0100 4Subject: [PATCH] iptables-restore: Free handle with --test also 5 6When running 'iptables-restore -t', valgrind reports: 7 81,496 (160 direct, 1,336 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4 9 at 0x48417E5: malloc (vg_replace_malloc.c:381) 10 by 0x4857A46: alloc_handle (libiptc.c:1279) 11 by 0x4857A46: iptc_init (libiptc.c:1342) 12 by 0x1167CE: create_handle (iptables-restore.c:72) 13 by 0x1167CE: ip46tables_restore_main (iptables-restore.c:229) 14 by 0x116DAE: iptables_restore_main (iptables-restore.c:388) 15 by 0x49A2349: (below main) (in /lib64/libc.so.6) 16 17Free the handle pointer before parsing the next table. 18 19Conflict: NA 20Reference: https://git.netfilter.org/iptables/commit?id=18880dbde615449d00a3e38f3713a19d4566258e 21 22Fixes: 1c9015b2cb483 ("libiptc: remove indirections") 23Signed-off-by: Phil Sutter <phil@nwl.cc> 24--- 25 iptables/iptables-restore.c | 4 ++-- 26 1 file changed, 2 insertions(+), 2 deletions(-) 27 28diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c 29index 05661bf6..6f7ddf93 100644 30--- a/iptables/iptables-restore.c 31+++ b/iptables/iptables-restore.c 32@@ -185,12 +185,12 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb, 33 if (!testing) { 34 DEBUGP("Calling commit\n"); 35 ret = cb->ops->commit(handle); 36- cb->ops->free(handle); 37- handle = NULL; 38 } else { 39 DEBUGP("Not calling commit, testing\n"); 40 ret = 1; 41 } 42+ cb->ops->free(handle); 43+ handle = NULL; 44 45 /* Done with the current table, release the lock. */ 46 if (lock >= 0) { 47-- 482.23.0 49
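Review bot: the `cb->ops->free(handle)` call moved below the if/else now also runs on the `testing` branch, and nothing in the visible hunk shows that `handle` is always set when this block is reached. Please confirm that the block is only entered with a live handle, or that the free callback tolerates NULL. A short comment above the call, saying the handle is released in both commit and test mode, would keep the two lines from being moved back under `!testing` later. The order relative to `commit` is fine: `ret` is assigned before the free on the commit path, and the `handle = NULL` reset is kept, so the next table cannot reuse a stale pointer. Since the leak was found by running 'iptables-restore -t' under valgrind, a test-suite case that exercises `--test` under a leak checker would stop it from regressing.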