From a880cc28358a32f96467e248266973b6ab83f080 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 1 Feb 2019 19:17:50 +0100 Subject: xtables: Fix for crash when comparing rules with standard target When parsing an nftnl_rule with a standard verdict, nft_rule_to_iptables_command_state() initialized cs->target but didn't care about cs->target->t. When later comparing that rule to another, compare_targets() crashed due to unconditional access to t's fields. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- iptables/xtables.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'iptables/xtables.c') diff --git a/iptables/xtables.c b/iptables/xtables.c index d0167e63..eaa9fede 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1185,8 +1185,10 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, *table = p.table; xtables_rule_matches_free(&cs.matches); - if (cs.target) + if (cs.target) { free(cs.target->t); + cs.target->t = NULL; + } if (h->family == AF_INET) { free(args.s.addr.v4); -- cgit v1.2.3
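Review bot: In the do_commandx() cleanup, the added `cs.target->t = NULL;` carries no comment explaining why the pointer must be cleared after `free(cs.target->t)`, and the commit message describes a crash in compare_targets() from unconditional access to t's fields, which this hunk does not touch. Add a short comment stating which object keeps cs.target alive past this point, so a reader can see why a stale t would be reused. Also confirm that every later reader of t checks for NULL, because clearing it here only trades a dangling-pointer read for a NULL dereference if the access stays unconditional. The diff shown is limited to iptables/xtables.c, so if that check lives in another file of the commit, the message should say so.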