diff options
author | Marcus Sundberg <marcus@ingate.com> | 2005-07-29 13:26:35 +0000 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2005-07-29 13:26:35 +0000 |
commit | d91ed751b3933506ba5ab985ca02db430cd3592c (patch) | |
tree | 3f06da4c25e24f5d3c9bdb1f83376edfbed13199 /iptables.c | |
parent | 7bdfca450990ca68ccfc4c54acb14d3ea0fa8582 (diff) |
The call to free_opts() in merge_options() is invalid C. The oldopts
argument always refers to the memory pointed to by the opts global,
which may be freed by the call to free_opts(), but oldopts is used
after the free_opts() call. This patch makes sure we don't use freed
memory. (Marcus Sundberg <marcus@ingate.com>)
ip6tables merge by myself.
Diffstat (limited to 'iptables.c')
-rw-r--r-- | iptables.c | 4 |
1 files changed, 1 insertions, 3 deletions
@@ -1029,9 +1029,6 @@ merge_options(struct option *oldopts, const struct option *newopts, unsigned int num_old, num_new, i; struct option *merge; - /* Release previous options merged if any */ - free_opts(0); - for (num_old = 0; oldopts[num_old].name; num_old++); for (num_new = 0; newopts[num_new].name; num_new++); @@ -1040,6 +1037,7 @@ merge_options(struct option *oldopts, const struct option *newopts, merge = malloc(sizeof(struct option) * (num_new + num_old + 1)); memcpy(merge, oldopts, num_old * sizeof(struct option)); + free_opts(0); /* Release previous options merged if any */ for (i = 0; i < num_new; i++) { merge[num_old + i] = newopts[i]; merge[num_old + i].val += *option_offset; |