commit 9283066f1216276116b3f4f85abf18bd673a7b11
author Pablo Neira Ayuso <pablo@netfilter.org> Tue Jun 25 11:56:55 2013 +0200
committer Pablo Neira Ayuso <pablo@netfilter.org> Mon Dec 30 23:50:34 2013 +0100
tree 453cc82a8a10c9ffa9b2724eff04e22d3c279c1c
parent 137cc981906f356c971da6de13e777a419382ff4

xtables: do not proceed if nft_init fails

Fix a crash if nft_init fails, it happens if nfnetlink support
is not available in your Linux kernel.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

iptables/xtables-config.c

diff --git a/iptables/xtables-config.c b/iptables/xtables-config.c
index 1216562..515b18b 100644
--- a/iptables/xtables-config.c
+++ b/iptables/xtables-config.c
@@ -35,7 +35,11 @@
 	else
 		filename = argv[1];
 
-	nft_init(&h);
+	if (nft_init(&h) < 0) {
+                fprintf(stderr, "Failed to initialize nft: %s\n",
+			strerror(errno));
+		return EXIT_FAILURE;
+	}
 
 	return nft_xtables_config_load(&h, filename, NFT_LOAD_VERBOSE) == 0 ?
 						    EXIT_SUCCESS : EXIT_FAILURE;

iptables/xtables-restore.c

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 4f196fc..a5d2a65 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -193,7 +193,13 @@
 	init_extensions4();
 #endif
 
-	nft_init(&h);
+	if (nft_init(&h) < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+				xtables_globals.program_name,
+				xtables_globals.program_version,
+				strerror(errno));
+		exit(EXIT_FAILURE);
+	}
 
 	while ((c = getopt_long(argc, argv, "bcvthnM:T:46", options, NULL)) != -1) {
 		switch (c) {

iptables/xtables-save.c

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 111ad4b..49b859d 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -96,7 +96,13 @@
 	init_extensions();
 	init_extensions4();
 #endif
-	nft_init(&h);
+	if (nft_init(&h) < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+				xtables_globals.program_name,
+				xtables_globals.program_version,
+				strerror(errno));
+		exit(EXIT_FAILURE);
+	}
 
 	while ((c = getopt_long(argc, argv, "bcdt:46", options, NULL)) != -1) {
 		switch (c) {

iptables/xtables-standalone.c

diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 4299506..3f8b981 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -61,7 +61,13 @@
 	init_extensions4();
 #endif
 
-	nft_init(&h);
+	if (nft_init(&h) < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+				xtables_globals.program_name,
+				xtables_globals.program_version,
+				strerror(errno));
+		exit(EXIT_FAILURE);
+	}
 
 	ret = do_commandx(&h, argc, argv, &table);
 	if (!ret) {