diff options
author | Phil Sutter <phil@nwl.cc> | 2019-02-01 19:17:50 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-02-01 19:33:59 +0100 |
commit | a880cc28358a32f96467e248266973b6ab83f080 (patch) | |
tree | 826e8ad7d441983eb1efd56fe6ce17b2a0effd8d /iptables/xtables.c | |
parent | ac8d992b8b2a23c5ae56afc428737c6863461136 (diff) |
xtables: Fix for crash when comparing rules with standard target
When parsing an nftnl_rule with a standard verdict,
nft_rule_to_iptables_command_state() initialized cs->target but didn't
care about cs->target->t. When later comparing that rule to another,
compare_targets() crashed due to unconditional access to t's fields.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/xtables.c')
-rw-r--r-- | iptables/xtables.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c index d0167e63..eaa9fede 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1185,8 +1185,10 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, *table = p.table; xtables_rule_matches_free(&cs.matches); - if (cs.target) + if (cs.target) { free(cs.target->t); + cs.target->t = NULL; + } if (h->family == AF_INET) { free(args.s.addr.v4); |