36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From d361be1f8734461e27117f6c569acf2189fcf81e Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Tue, 3 Sep 2024 17:43:19 +0200
|
|
Subject: libnftables: Zero ctx->vars after freeing it
|
|
|
|
Leaving the invalid pointer value in place will cause a double-free when
|
|
users call nft_ctx_clear_vars() first, then nft_ctx_free(). Moreover,
|
|
nft_ctx_add_var() passes the pointer to mrealloc() and thus assumes it
|
|
to be either NULL or valid.
|
|
|
|
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1772
|
|
Fixes: 9edaa6a51eab4 ("src: add --define key=value")
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
Conflict:change context from free to xfree
|
|
Reference:https://git.netfilter.org/nftables/commit/?id=d361be1f8734461e27117f6c569acf2189fcf81e
|
|
|
|
---
|
|
src/libnftables.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/libnftables.c b/src/libnftables.c
|
|
index 7fc81515..2ae21501 100644
|
|
--- a/src/libnftables.c
|
|
+++ b/src/libnftables.c
|
|
@@ -160,6 +160,7 @@ void nft_ctx_clear_vars(struct nft_ctx *ctx)
|
|
}
|
|
ctx->num_vars = 0;
|
|
xfree(ctx->vars);
|
|
+ ctx->vars = NULL;
|
|
}
|
|
|
|
EXPORT_SYMBOL(nft_ctx_add_include_path);
|
|
--
|
|
cgit v1.2.3
|