* [iptables PATCH 1/2] nft: Use xtables_malloc() in mnl_err_list_node_add()
@ 2021-08-31 12:08 Phil Sutter
  2021-08-31 12:08 ` [iptables PATCH 2/2] nft: Use xtables_{m,c}alloc() everywhere Phil Sutter
  0 siblings, 1 reply; 2+ messages in thread
From: Phil Sutter @ 2021-08-31 12:08 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

The function called malloc() without checking for memory allocation
failure. Simply replace the call by xtables_malloc() to fix that.

Fixes: 4e2020952d6f9 ("xtables: use libnftnl batch API")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 795dff8605404..a470939db54fb 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -143,7 +143,7 @@ struct mnl_err {
 static void mnl_err_list_node_add(struct list_head *err_list, int error,
 				  int seqnum)
 {
-	struct mnl_err *err = malloc(sizeof(struct mnl_err));
+	struct mnl_err *err = xtables_malloc(sizeof(struct mnl_err));
 
 	err->seqnum = seqnum;
 	err->err = error;
-- 
2.32.0



* [iptables PATCH 2/2] nft: Use xtables_{m,c}alloc() everywhere
  2021-08-31 12:08 [iptables PATCH 1/2] nft: Use xtables_malloc() in mnl_err_list_node_add() Phil Sutter
@ 2021-08-31 12:08 ` Phil Sutter
  0 siblings, 0 replies; 2+ messages in thread
From: Phil Sutter @ 2021-08-31 12:08 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

Make use of libxtables allocators where sensible to have implicit error
checking. Leave library-internal calls in place to not create unexpected
program exit points for users, apart from xt_xlate_alloc(), as that
function already called xtables_error() in the error case, which exits
by itself.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-bridge.c |  6 +-----
 iptables/nft-cmd.c    |  5 +----
 iptables/nft.c        | 15 +++------------
 iptables/xshared.c    |  8 ++------
 iptables/xtables-eb.c | 14 +++-----------
 libxtables/xtables.c  | 11 ++---------
 6 files changed, 12 insertions(+), 47 deletions(-)

diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index d98fd527d9549..11f3df3582aa5 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -477,11 +477,7 @@ static void nft_bridge_parse_lookup(struct nft_xt_ctx *ctx,
 static void parse_watcher(void *object, struct ebt_match **match_list,
 			  bool ismatch)
 {
-	struct ebt_match *m;
-
-	m = calloc(1, sizeof(struct ebt_match));
-	if (m == NULL)
-		xtables_error(OTHER_PROBLEM, "Can't allocate memory");
+	struct ebt_match *m = xtables_calloc(1, sizeof(struct ebt_match));
 
 	if (ismatch)
 		m->u.match = object;
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index a0c76a795e59c..87e66905655d6 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -23,10 +23,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
 	struct nftnl_rule *rule;
 	struct nft_cmd *cmd;
 
-	cmd = calloc(1, sizeof(struct nft_cmd));
-	if (!cmd)
-		return NULL;
-
+	cmd = xtables_calloc(1, sizeof(struct nft_cmd));
 	cmd->command = command;
 	cmd->table = xtables_strdup(table);
 	if (chain)
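Review bot: With the `if (!cmd) return NULL;` guard removed, an allocation failure in nft_cmd_new() no longer reaches the caller as NULL, and nothing in the hunk documents that change of contract. Assuming xtables_calloc() terminates the process on failure, as the commit message implies, a short comment above the call such as `/* xtables_calloc() exits on OOM, so cmd is never NULL here */` would explain why the dereferences that follow are unchecked. The body of nft_cmd_new() continues past the hunk, so any later `return NULL` paths and the callers' NULL checks cannot be judged from here. The same applies to batch_add() in the first iptables/nft.c hunk.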
diff --git a/iptables/nft.c b/iptables/nft.c
index a470939db54fb..c9ed38bd29a53 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -362,10 +362,7 @@ static struct obj_update *batch_add(struct nft_handle *h, enum obj_update_type t
 {
 	struct obj_update *obj;
 
-	obj = calloc(1, sizeof(struct obj_update));
-	if (obj == NULL)
-		return NULL;
-
+	obj = xtables_calloc(1, sizeof(struct obj_update));
 	obj->ptr = ptr;
 	obj->error.lineno = h->error.lineno;
 	obj->type = type;
@@ -997,10 +994,7 @@ static int __add_match(struct nftnl_expr *e, struct xt_entry_match *m)
 	nftnl_expr_set(e, NFTNL_EXPR_MT_NAME, m->u.user.name, strlen(m->u.user.name));
 	nftnl_expr_set_u32(e, NFTNL_EXPR_MT_REV, m->u.user.revision);
 
-	info = calloc(1, m->u.match_size);
-	if (info == NULL)
-		return -ENOMEM;
-
+	info = xtables_calloc(1, m->u.match_size);
 	memcpy(info, m->data, m->u.match_size - sizeof(*m));
 	nftnl_expr_set(e, NFTNL_EXPR_MT_INFO, info, m->u.match_size - sizeof(*m));
 
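Review bot: The length given to `memcpy()` and `nftnl_expr_set()`, `m->u.match_size - sizeof(*m)`, is still computed without checking that `match_size` is at least `sizeof(*m)`. If it were smaller, the subtraction would wrap to a very large unsigned value and the copy would run far past the `info` buffer. Whether a caller can supply such a value is not visible in this hunk, so it may be guarded elsewhere; if not, a check before the allocation such as `if (m->u.match_size < sizeof(*m)) return -EINVAL;` would close it. The same pattern appears as `t->u.target_size - sizeof(*t)` in the __add_target() hunk that follows, and both functions start and end outside their hunks.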
@@ -1245,10 +1239,7 @@ static int __add_target(struct nftnl_expr *e, struct xt_entry_target *t)
 			  strlen(t->u.user.name));
 	nftnl_expr_set_u32(e, NFTNL_EXPR_TG_REV, t->u.user.revision);
 
-	info = calloc(1, t->u.target_size);
-	if (info == NULL)
-		return -ENOMEM;
-
+	info = xtables_calloc(1, t->u.target_size);
 	memcpy(info, t->data, t->u.target_size - sizeof(*t));
 	nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, info, t->u.target_size - sizeof(*t));
 
diff --git a/iptables/xshared.c b/iptables/xshared.c
index ed3e9c5a4426a..2d3ef679fd765 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -220,9 +220,7 @@ void xs_init_target(struct xtables_target *target)
 {
 	if (target->udata_size != 0) {
 		free(target->udata);
-		target->udata = calloc(1, target->udata_size);
-		if (target->udata == NULL)
-			xtables_error(RESOURCE_PROBLEM, "malloc");
+		target->udata = xtables_calloc(1, target->udata_size);
 	}
 	if (target->init != NULL)
 		target->init(target->t);
@@ -238,9 +236,7 @@ void xs_init_match(struct xtables_match *match)
 		 * Same goes for target.
 		 */
 		free(match->udata);
-		match->udata = calloc(1, match->udata_size);
-		if (match->udata == NULL)
-			xtables_error(RESOURCE_PROBLEM, "malloc");
+		match->udata = xtables_calloc(1, match->udata_size);
 	}
 	if (match->init != NULL)
 		match->init(match->m);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 6e35f58ee685f..6e5ecd4864fa5 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -274,9 +274,7 @@ static struct option *merge_options(struct option *oldopts,
 	ebtables_globals.option_offset += OPTION_OFFSET;
 	*options_offset = ebtables_globals.option_offset;
 
-	merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
-	if (!merge)
-		return NULL;
+	merge = xtables_malloc(sizeof(struct option) * (num_new + num_old + 1));
 	memcpy(merge, oldopts, num_old * sizeof(struct option));
 	for (i = 0; i < num_new; i++) {
 		merge[num_old + i] = newopts[i];
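Review bot: The size expression `sizeof(struct option) * (num_new + num_old + 1)` is multiplied by hand with no overflow check, so a wrapped product would yield a buffer smaller than what the following `memcpy()` and loop write into. The counts presumably come from the option tables of loaded extensions and stay small, but the array-style allocator this patch already uses elsewhere states the intent more safely: `merge = xtables_calloc(num_new + num_old + 1, sizeof(struct option));`. That helps only if xtables_calloc() forwards to calloc(), which rejects an overflowing count-times-size; its definition is not on this page. merge_options() starts and ends outside the hunk.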
@@ -571,10 +569,7 @@ void ebt_add_match(struct xtables_match *m,
 	m->mflags = 0;
 
 	/* glue code for watchers */
-	newnode = calloc(1, sizeof(struct ebt_match));
-	if (newnode == NULL)
-		xtables_error(OTHER_PROBLEM, "Unable to alloc memory");
-
+	newnode = xtables_calloc(1, sizeof(struct ebt_match));
 	newnode->ismatch = true;
 	newnode->u.match = newm;
 
@@ -603,10 +598,7 @@ void ebt_add_watcher(struct xtables_target *watcher,
 	watcher->tflags = 0;
 
 
-	newnode = calloc(1, sizeof(struct ebt_match));
-	if (newnode == NULL)
-		xtables_error(OTHER_PROBLEM, "Unable to alloc memory");
-
+	newnode = xtables_calloc(1, sizeof(struct ebt_match));
 	newnode->u.watcher = clone;
 
 	for (matchp = &cs->match_list; *matchp; matchp = &(*matchp)->next)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index b261e97bba3b7..d670175db2236 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2353,18 +2353,11 @@ struct xt_xlate {
 
 struct xt_xlate *xt_xlate_alloc(int size)
 {
-	struct xt_xlate *xl;
+	struct xt_xlate *xl = xtables_malloc(sizeof(struct xt_xlate));
 	int i;
 
-	xl = malloc(sizeof(struct xt_xlate));
-	if (xl == NULL)
-		xtables_error(RESOURCE_PROBLEM, "OOM");
-
 	for (i = 0; i < __XT_XLATE_MAX; i++) {
-		xl->buf[i].data = malloc(size);
-		if (xl->buf[i].data == NULL)
-			xtables_error(RESOURCE_PROBLEM, "OOM");
-
+		xl->buf[i].data = xtables_malloc(size);
 		xl->buf[i].data[0] = '\0';
 		xl->buf[i].size = size;
 		xl->buf[i].rem = size;
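Review bot: `size` is a signed `int` passed to `xtables_malloc()` unchecked, and the very next line writes `xl->buf[i].data[0]`. With `size == 0`, a non-NULL zero-length allocation would make that store a one-byte out-of-bounds write, and a negative value converts to a huge allocation request. Since the commit message says xt_xlate_alloc() already exits on allocation failure, rejecting bad sizes up front fits the same policy: `if (size <= 0) xtables_error(OTHER_PROBLEM, "xt_xlate_alloc: invalid size %d", size);`. The function body continues past the hunk.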
-- 
2.32.0

