[server] if iptables init fails then no need to remove fwknop chains

This commit fixes a crash at init time in fwknopd if an improperly formatted IPT_INPUT_ACCESS variable is used in fwknopd.conf file. fwknopd should not try to delete chains with a bogus IPT_INPUT_ACCESS variable, and valgrind verifies that this change does not introduce any memory leaks (see the 'invalid iptables INPUT spec' tests run in --enable-valgrind mode).
mrash · Aug 5, 2013 · 39fa4cc · 39fa4cc
1 parent a7030b0
commit 39fa4cc
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/fwknopd.c b/server/fwknopd.c
@@ -182,7 +182,7 @@ main(int argc, char **argv)
          * of an existing fwknopd process.
         */
         if(fw_config_init(&opts) != 1)
-            clean_exit(&opts, FW_CLEANUP, EXIT_FAILURE);
+            clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
 
         if(opts.fw_list == 1 || opts.fw_list_all == 1)
         {