summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarald Welte <laforge@gnumonks.org>2006-02-11 09:34:16 +0000
committerHarald Welte <laforge@gnumonks.org>2006-02-11 09:34:16 +0000
commitd6bc6084bca3304a8cc800a57869bef1e21498de (patch)
tree284929f76c23a40b34b8a77f9aaa318bb57e507e
parent0fbc8622895f1763b8815e058fb9a618ff4c629a (diff)
fix double-free if a single match is used multiple times within a signle rule
(Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances.
-rw-r--r--ip6tables.c4
-rw-r--r--iptables.c4
2 files changed, 6 insertions, 2 deletions
diff --git a/ip6tables.c b/ip6tables.c
index 6afe68fd..e2c514e2 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1691,8 +1691,10 @@ void clear_rule_matches(struct ip6tables_rule_match **matches)
for (matchp = *matches; matchp;) {
tmp = matchp->next;
- if (matchp->match->m)
+ if (matchp->match->m) {
free(matchp->match->m);
+ matchp->match->m = NULL;
+ }
free(matchp);
matchp = tmp;
}
diff --git a/iptables.c b/iptables.c
index e22b9ea1..b66e5e1b 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1800,8 +1800,10 @@ void clear_rule_matches(struct iptables_rule_match **matches)
for (matchp = *matches; matchp;) {
tmp = matchp->next;
- if (matchp->match->m)
+ if (matchp->match->m) {
free(matchp->match->m);
+ matchp->match->m = NULL;
+ }
free(matchp);
matchp = tmp;
}