61 lines
2.2 KiB
Diff
61 lines
2.2 KiB
Diff
From fe727d5da18c40cb9f002eeaf0116f59e9600659 Mon Sep 17 00:00:00 2001
|
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Date: Fri, 15 Sep 2023 02:30:27 +0200
|
|
Subject: [PATCH] evaluate: fix memleak in prefix evaluation with wildcard
|
|
interface name
|
|
|
|
The following ruleset:
|
|
|
|
table ip x {
|
|
chain y {
|
|
meta iifname { abcde*, xyz }
|
|
}
|
|
}
|
|
|
|
triggers the following memleak:
|
|
|
|
==6871== 16 bytes in 1 blocks are definitely lost in loss record 1 of 1
|
|
==6871== at 0x483877F: malloc (vg_replace_malloc.c:307)
|
|
==6871== by 0x48AD898: xmalloc (utils.c:37)
|
|
==6871== by 0x4BC8B22: __gmpz_init2 (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
|
|
==6871== by 0x4887E67: constant_expr_alloc (expression.c:424)
|
|
==6871== by 0x488EF1F: expr_evaluate_prefix (evaluate.c:1138)
|
|
==6871== by 0x488EF1F: expr_evaluate (evaluate.c:2725)
|
|
==6871== by 0x488E76D: expr_evaluate_set_elem (evaluate.c:1662)
|
|
==6871== by 0x488E76D: expr_evaluate (evaluate.c:2739)
|
|
==6871== by 0x4891033: list_member_evaluate (evaluate.c:1454)
|
|
==6871== by 0x488E2B6: expr_evaluate_set (evaluate.c:1757)
|
|
==6871== by 0x488E2B6: expr_evaluate (evaluate.c:2737)
|
|
==6871== by 0x48910D0: elems_evaluate (evaluate.c:4605)
|
|
==6871== by 0x4891432: set_evaluate (evaluate.c:4711)
|
|
==6871== by 0x48915BC: implicit_set_declaration (evaluate.c:122)
|
|
==6871== by 0x488F18A: expr_evaluate_relational (evaluate.c:2503)
|
|
==6871== by 0x488F18A: expr_evaluate (evaluate.c:2745)
|
|
|
|
expr_evaluate_prefix() calls constant_expr_alloc() which have already
|
|
called mpz_init2(), the second call to mpz_init2() overlaps the existing
|
|
mpz_t data memory area.
|
|
|
|
Remove extra mpz_init2() call to fix this memleak.
|
|
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
---
|
|
src/evaluate.c | 1 -
|
|
1 file changed, 1 deletion(-)
|
|
|
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
index 1b7e0b37..90e7bff6 100644
|
|
--- a/src/evaluate.c
|
|
+++ b/src/evaluate.c
|
|
@@ -1142,7 +1142,6 @@ static int expr_evaluate_prefix(struct eval_ctx *ctx, struct expr **expr)
|
|
mpz_prefixmask(mask->value, base->len, prefix->prefix_len);
|
|
break;
|
|
case TYPE_STRING:
|
|
- mpz_init2(mask->value, base->len);
|
|
mpz_bitmask(mask->value, prefix->prefix_len);
|
|
break;
|
|
}
|
|
--
|
|
2.33.0
|
|
|