Hi, On Mon, May 12, 2025 at 03:10:47PM +0800, 周恺航 wrote: > The function xtables_restore_main opens a file stream p.in but fails to close it before returning. This leads to a resource leak as the file descriptor remains open. > > > Signed-off-by: Kaihang Zhou <22321077@xxxxxxxxxx> > > --- > iptables/xtables-restore.c | 1 + > 1 file changed, 1 insertion(+) > > > diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c > > index e7802b9e..f09ab7ee 100644 > --- a/iptables/xtables-restore.c > +++ b/iptables/xtables-restore.c > @@ -381,6 +381,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) > break; > default: > fprintf(stderr, "Unknown family %d\n", family); > + fclose(p.in); > return 1; > } Since this is not the only error path which leaves p.in open (eight lines below is the next one for instance), why fix this one in particular and leave the other ones in place? Cheers, Phil
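Review bot: the added fclose(p.in) in the default: branch of the family switch covers only this one return 1, while the commit message describes the leak as xtables_restore_main failing to close p.in before returning in general. A single cleanup path would be easier to keep correct than one fclose() per early return: for example, set a return value and jump to a common exit label that closes p.in, so later error returns in the function cannot miss it. The hunk also does not show where p.in is assigned, so the commit message should say under which condition the stream is opened by this function and whether the close needs to be guarded by that same condition. If the intent really is to fix only this branch, the message should say so and explain why the others are left as they are.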