xtables: Fix for crash when comparing rules with standard target

When parsing an nftnl_rule with a standard verdict, nft_rule_to_iptables_command_state() initialized cs->target but didn't care about cs->target->t. When later comparing that rule to another, compare_targets() crashed due to unconditional access to t's fields. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Phil Sutter <phil@nwl.cc> 2019-02-01 19:17:50 +0100
committer: Florian Westphal <fw@strlen.de> 2019-02-01 19:33:59 +0100
commit: a880cc28358a32f96467e248266973b6ab83f080 (patch)
tree: 826e8ad7d441983eb1efd56fe6ce17b2a0effd8d /iptables/xtables.c
parent: ac8d992b8b2a23c5ae56afc428737c6863461136 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c
index d0167e63..eaa9fede 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1185,8 +1185,10 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
 	*table = p.table;
 
 	xtables_rule_matches_free(&cs.matches);
-	if (cs.target)
+	if (cs.target) {
 		free(cs.target->t);
+		cs.target->t = NULL;
+	}
 
 	if (h->family == AF_INET) {
 		free(args.s.addr.v4);
author	Phil Sutter <phil@nwl.cc>	2019-02-01 19:17:50 +0100
committer	Florian Westphal <fw@strlen.de>	2019-02-01 19:33:59 +0100
commit	a880cc28358a32f96467e248266973b6ab83f080 (patch)
tree	826e8ad7d441983eb1efd56fe6ce17b2a0effd8d /iptables/xtables.c
parent	ac8d992b8b2a23c5ae56afc428737c6863461136 (diff)