From 3e6806e7690d0ed79d9aed82dc44d1eaa676d3e8 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 17 Feb 2011 18:05:58 +0100
Subject: conntrack: fix segfault in nfct_copy() if secctx of origin is not set

This problem was caught by qa/test_api.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/copy.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/conntrack')

diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 591dde1..94d0711 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -418,9 +418,12 @@ static void copy_attr_zone(struct nf_conntrack *dest,
 static void copy_attr_secctx(struct nf_conntrack *dest,
 			     const struct nf_conntrack *orig)
 {
-	if (dest->secctx)
+	if (dest->secctx) {
 		free(dest->secctx);
-	dest->secctx = strdup(orig->secctx);
+		dest->secctx = NULL;
+	}
+	if (orig->secctx)
+		dest->secctx = strdup(orig->secctx);
 }
 
 static void copy_attr_timestamp_start(struct nf_conntrack *dest,
-- 
cgit v1.2.3