nwfilter: plug memory leak with firewall

Introduced in commit 70571ccc (v1.2.4). Caught by valgrind: ==9816== 170 (32 direct, 138 indirect) bytes in 1 blocks are definitely lost in loss record 646 of 821 ==9816== at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9816== by 0x50836FB: virAlloc (viralloc.c:144) ==9816== by 0x50AEC2B: virFirewallNew (virfirewall.c:204) ==9816== by 0x1E2308ED: ebiptablesDriverProbeStateMatch (nwfilter_ebiptables_driver.c:3715) ==9816== by 0x1E2309AD: ebiptablesDriverInit (nwfilter_ebiptables_driver.c:3742) * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesDriverProbeStateMatch): Properly clean up. Signed-off-by: Eric Blake <eblake@redhat.com>
2024-07-07 18:35:46 +00:00 · 2014-07-22 22:18:07 -06:00 · 2014-07-22 22:18:07 -06:00 · ee70839bbf
commit ee70839bbf
parent 60e4944059
1 changed files with 6 additions and 2 deletions
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@ -3713,6 +3713,7 @@ ebiptablesDriverProbeStateMatch(void)
 {
    unsigned long version;
    virFirewallPtr fw = virFirewallNew();
+    int ret = -1;

    virFirewallStartTransaction(fw, 0);
    virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
@ -3720,7 +3721,7 @@ ebiptablesDriverProbeStateMatch(void)
                           "--version", NULL);

    if (virFirewallApply(fw) < 0)
-        return -1;
+        goto cleanup;

    /*
     * since version 1.4.16 '-m state --state ...' will be converted to
@ -3729,7 +3730,10 @@ ebiptablesDriverProbeStateMatch(void)
    if (version >= 1 * 1000000 + 4 * 1000 + 16)
        newMatchState = true;

-    return 0;
+    ret = 0;
+ cleanup:
+    virFirewallFree(fw);
+    return ret;
 }

 static int