Patch 1 is a requirement to cover for memleaks created by the latter ones, but is categorically correct even by itself.
Patches 2 and 3 fix actual bugs. Phil Sutter (3): nft: Fix potential memleaks in nft_*_rule_find() xtables: Fix for crash when comparing rules with standard target xtables: Fix for false-positive rule matching iptables/nft-arp.c | 12 ++++-- iptables/nft-bridge.c | 23 ++++++++--- iptables/nft-shared.c | 41 +++++++++++++++---- .../testcases/iptables/0005-delete-rules_0 | 14 +++++++ libxtables/xtables.c | 18 +++++++- 5 files changed, 89 insertions(+), 19 deletions(-) create mode 100755 iptables/tests/shell/testcases/iptables/0005-delete-rules_0 -- 2.20.1
