diff options
author | Phil Sutter <phil@nwl.cc> | 2022-10-07 18:29:07 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-10-07 23:03:42 +0200 |
commit | 97bf4e68fc0794adba3243fd96f40f4568e7216f (patch) | |
tree | a418bb94933cd2e17119892f1d17e4f8eaf25857 /libiptc | |
parent | 28c7bf020e9b1dcf94bd3162ce9c354c06bb6f97 (diff) |
libiptc: Fix for segfault when renaming a chain
This is an odd bug: If the number of chains is right and one renames the
last one in the list, libiptc dereferences a NULL pointer. Add fix and
test case for it.
Fixes: 64ff47cde38e4 ("libiptc: fix chain rename bug in libiptc")
Reported-by: Julien Castets <castets.j@gmail.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'libiptc')
-rw-r--r-- | libiptc/libiptc.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index ceeb017b..97823f93 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -606,6 +606,15 @@ static int iptcc_chain_index_delete_chain(struct chain_head *c, struct xtc_handl if (index_ptr == &c->list) { /* Chain used as index ptr */ + /* If this is the last chain in the list, its index bucket just + * became empty. Adjust the size to avoid a NULL-pointer deref + * later. + */ + if (next == &h->chains) { + h->chain_index_sz--; + return 0; + } + /* See if its possible to avoid a rebuild, by shifting * to next pointer. Its possible if the next pointer * is located in the same index bucket. |