mxml: nft_mxml_str_parse returns copy of the string

Otherwise, the string points to an invalid memory position somewhere in the XML tree that is released after the parsing. This problem was there before the conversion to the new helper function nft_mxml_str_parse. Reported-by: Arturo Borrero <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-07-25 21:58:33 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-07-25 22:03:36 +0200
commit: f57644702ddc427dfafc728fb25085158e93504a (patch)
tree: a80393cf01fb254ecfc6ad2b1ff93e7c966bbc4f
parent: be9019acf97391d58838e3c21fe7db9cfc27b5f9 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/src/expr/log.c b/src/expr/log.c
index 0872ee0..be2b40e 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -162,7 +162,7 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
 	if (prefix == NULL)
 		return -1;
 
-	log->prefix = strdup(prefix);
+	log->prefix = (char *)prefix;
 	e->flags |= (1 << NFT_EXPR_LOG_PREFIX);
 
 	if (nft_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC,
diff --git a/src/mxml.c b/src/mxml.c
index e8d4b86..f812bf6 100644
--- a/src/mxml.c
+++ b/src/mxml.c
@@ -162,7 +162,7 @@ const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name,
 		return NULL;
 	}
 
-	return node->child->value.opaque;
+	return strdup(node->child->value.opaque);
 }
 
 #endif
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-07-25 21:58:33 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-07-25 22:03:36 +0200
commit	f57644702ddc427dfafc728fb25085158e93504a (patch)
tree	a80393cf01fb254ecfc6ad2b1ff93e7c966bbc4f
parent	be9019acf97391d58838e3c21fe7db9cfc27b5f9 (diff)