From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 2/2] nft: Use xtables_{m,c}alloc() everywhere
Date: Tue, 31 Aug 2021 14:08:30 +0200	[thread overview]
Message-ID: <20210831120830.6414-2-phil@nwl.cc> (raw)
In-Reply-To: <20210831120830.6414-1-phil@nwl.cc>

Make use of libxtables allocators where sensible to have implicit error
checking. Leave library-internal calls in place to not create unexpected
program exit points for users, apart from xt_xlate_alloc(), as that
function already called xtables_error() in the error case, which exits
by itself.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-bridge.c |  6 +-----
 iptables/nft-cmd.c    |  5 +----
 iptables/nft.c        | 15 +++------------
 iptables/xshared.c    |  8 ++------
 iptables/xtables-eb.c | 14 +++-----------
 libxtables/xtables.c  | 11 ++---------
 6 files changed, 12 insertions(+), 47 deletions(-)

diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index d98fd527d9549..11f3df3582aa5 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -477,11 +477,7 @@ static void nft_bridge_parse_lookup(struct nft_xt_ctx *ctx,
 static void parse_watcher(void *object, struct ebt_match **match_list,
 			  bool ismatch)
 {
-	struct ebt_match *m;
-
-	m = calloc(1, sizeof(struct ebt_match));
-	if (m == NULL)
-		xtables_error(OTHER_PROBLEM, "Can't allocate memory");
+	struct ebt_match *m = xtables_calloc(1, sizeof(struct ebt_match));
 
 	if (ismatch)
 		m->u.match = object;
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index a0c76a795e59c..87e66905655d6 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -23,10 +23,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
 	struct nftnl_rule *rule;
 	struct nft_cmd *cmd;
 
-	cmd = calloc(1, sizeof(struct nft_cmd));
-	if (!cmd)
-		return NULL;
-
+	cmd = xtables_calloc(1, sizeof(struct nft_cmd));
 	cmd->command = command;
 	cmd->table = xtables_strdup(table);
 	if (chain)
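Review bot: nft_cmd_new() used to return NULL when the allocation failed and now terminates inside xtables_calloc(), which changes its contract for callers. Any caller-side NULL check that only covered the out-of-memory case becomes dead code; whether other NULL returns remain further down is outside this hunk. A short comment at the call would record the new behaviour, e.g. `/* xtables_calloc() exits on OOM, cmd is never NULL here */`. The same applies to batch_add() in iptables/nft.c.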
diff --git a/iptables/nft.c b/iptables/nft.c
index a470939db54fb..c9ed38bd29a53 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -362,10 +362,7 @@ static struct obj_update *batch_add(struct nft_handle *h, enum obj_update_type t
 {
 	struct obj_update *obj;
 
-	obj = calloc(1, sizeof(struct obj_update));
-	if (obj == NULL)
-		return NULL;
-
+	obj = xtables_calloc(1, sizeof(struct obj_update));
 	obj->ptr = ptr;
 	obj->error.lineno = h->error.lineno;
 	obj->type = type;
@@ -997,10 +994,7 @@ static int __add_match(struct nftnl_expr *e, struct xt_entry_match *m)
 	nftnl_expr_set(e, NFTNL_EXPR_MT_NAME, m->u.user.name, strlen(m->u.user.name));
 	nftnl_expr_set_u32(e, NFTNL_EXPR_MT_REV, m->u.user.revision);
 
-	info = calloc(1, m->u.match_size);
-	if (info == NULL)
-		return -ENOMEM;
-
+	info = xtables_calloc(1, m->u.match_size);
 	memcpy(info, m->data, m->u.match_size - sizeof(*m));
 	nftnl_expr_set(e, NFTNL_EXPR_MT_INFO, info, m->u.match_size - sizeof(*m));
 
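Review bot: The copy length `m->u.match_size - sizeof(*m)` is computed with no visible check that match_size is at least sizeof(*m); because sizeof yields size_t, a smaller value would wrap to a very large length for both memcpy() and nftnl_expr_set(). This predates the patch, and the size is presumably set by the tool itself rather than taken from input, but a guard before the allocation such as `if (m->u.match_size < sizeof(*m)) return -EINVAL;` would make the assumption explicit. The buffer is also allocated with the full match_size while only the payload length is used. __add_target() has the same pattern with `t->u.target_size - sizeof(*t)`, and both function bodies continue outside their hunks.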
@@ -1245,10 +1239,7 @@ static int __add_target(struct nftnl_expr *e, struct xt_entry_target *t)
 			  strlen(t->u.user.name));
 	nftnl_expr_set_u32(e, NFTNL_EXPR_TG_REV, t->u.user.revision);
 
-	info = calloc(1, t->u.target_size);
-	if (info == NULL)
-		return -ENOMEM;
-
+	info = xtables_calloc(1, t->u.target_size);
 	memcpy(info, t->data, t->u.target_size - sizeof(*t));
 	nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, info, t->u.target_size - sizeof(*t));
 
diff --git a/iptables/xshared.c b/iptables/xshared.c
index ed3e9c5a4426a..2d3ef679fd765 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -220,9 +220,7 @@ void xs_init_target(struct xtables_target *target)
 {
 	if (target->udata_size != 0) {
 		free(target->udata);
-		target->udata = calloc(1, target->udata_size);
-		if (target->udata == NULL)
-			xtables_error(RESOURCE_PROBLEM, "malloc");
+		target->udata = xtables_calloc(1, target->udata_size);
 	}
 	if (target->init != NULL)
 		target->init(target->t);
@@ -238,9 +236,7 @@ void xs_init_match(struct xtables_match *match)
 		 * Same goes for target.
 		 */
 		free(match->udata);
-		match->udata = calloc(1, match->udata_size);
-		if (match->udata == NULL)
-			xtables_error(RESOURCE_PROBLEM, "malloc");
+		match->udata = xtables_calloc(1, match->udata_size);
 	}
 	if (match->init != NULL)
 		match->init(match->m);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 6e35f58ee685f..6e5ecd4864fa5 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -274,9 +274,7 @@ static struct option *merge_options(struct option *oldopts,
 	ebtables_globals.option_offset += OPTION_OFFSET;
 	*options_offset = ebtables_globals.option_offset;
 
-	merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
-	if (!merge)
-		return NULL;
+	merge = xtables_malloc(sizeof(struct option) * (num_new + num_old + 1));
 	memcpy(merge, oldopts, num_old * sizeof(struct option));
 	for (i = 0; i < num_new; i++) {
 		merge[num_old + i] = newopts[i];
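Review bot: The size handed to xtables_malloc() is the unchecked product `sizeof(struct option) * (num_new + num_old + 1)`; the types of num_new and num_old are not visible here, but if they are narrower than size_t the addition can wrap before the multiplication. Using the counting allocator this patch already introduces elsewhere, `merge = xtables_calloc(num_new + num_old + 1, sizeof(struct option));`, would leave the multiplication overflow check to calloc() (assuming xtables_calloc() wraps it), at the cost of zeroing the array. merge_options() also no longer returns NULL on allocation failure, which callers may still test for. The function starts and ends outside the hunk.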
@@ -571,10 +569,7 @@ void ebt_add_match(struct xtables_match *m,
 	m->mflags = 0;
 
 	/* glue code for watchers */
-	newnode = calloc(1, sizeof(struct ebt_match));
-	if (newnode == NULL)
-		xtables_error(OTHER_PROBLEM, "Unable to alloc memory");
-
+	newnode = xtables_calloc(1, sizeof(struct ebt_match));
 	newnode->ismatch = true;
 	newnode->u.match = newm;
 
@@ -603,10 +598,7 @@ void ebt_add_watcher(struct xtables_target *watcher,
 	watcher->tflags = 0;
 
 
-	newnode = calloc(1, sizeof(struct ebt_match));
-	if (newnode == NULL)
-		xtables_error(OTHER_PROBLEM, "Unable to alloc memory");
-
+	newnode = xtables_calloc(1, sizeof(struct ebt_match));
 	newnode->u.watcher = clone;
 
 	for (matchp = &cs->match_list; *matchp; matchp = &(*matchp)->next)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index b261e97bba3b7..d670175db2236 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2353,18 +2353,11 @@ struct xt_xlate {
 
 struct xt_xlate *xt_xlate_alloc(int size)
 {
-	struct xt_xlate *xl;
+	struct xt_xlate *xl = xtables_malloc(sizeof(struct xt_xlate));
 	int i;
 
-	xl = malloc(sizeof(struct xt_xlate));
-	if (xl == NULL)
-		xtables_error(RESOURCE_PROBLEM, "OOM");
-
 	for (i = 0; i < __XT_XLATE_MAX; i++) {
-		xl->buf[i].data = malloc(size);
-		if (xl->buf[i].data == NULL)
-			xtables_error(RESOURCE_PROBLEM, "OOM");
-
+		xl->buf[i].data = xtables_malloc(size);
 		xl->buf[i].data[0] = '\0';
 		xl->buf[i].size = size;
 		xl->buf[i].rem = size;
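Review bot: `size` is a signed int that reaches xtables_malloc() and the following `data[0] = '\0'` store without a range check. A size of 0 can yield a zero-length allocation that the store then writes past, and a negative value converts to a huge size_t request. Since this function already terminates on failure, a guard at the top such as `if (size <= 0) xtables_error(OTHER_PROBLEM, "invalid xlate buffer size");` would keep that contract explicit. The loop and the rest of the function continue outside the hunk.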
-- 
2.32.0

