diff options
author | Phil Sutter <phil@nwl.cc> | 2018-12-20 21:03:29 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-12-21 12:04:55 +0100 |
commit | 822dc96815e96465822ce4b1187c4b29c06cb7c1 (patch) | |
tree | 17472c5a939cceda752b8715984287caac802f64 /src/flowtable.c | |
parent | 404ef7222d055aacdbd4d73dc0d8731fa8f6cbe4 (diff) |
flowtable: Fix use after free in two spots
When freeing flowtable devices array, the loop freeing each device
string incorrectly included the call to free the device array itself.
Fixes: eb58f53372e74 ("src: add flowtable support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/flowtable.c')
-rw-r--r-- | src/flowtable.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/flowtable.c b/src/flowtable.c index caf3c13..14cb12f 100644 --- a/src/flowtable.c +++ b/src/flowtable.c @@ -85,10 +85,9 @@ void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr) case NFTNL_FLOWTABLE_FLAGS: break; case NFTNL_FLOWTABLE_DEVICES: - for (i = 0; i < c->dev_array_len; i++) { + for (i = 0; i < c->dev_array_len; i++) xfree(c->dev_array[i]); - xfree(c->dev_array); - } + xfree(c->dev_array); break; default: return; @@ -146,10 +145,9 @@ int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr, len++; if (c->flags & (1 << NFTNL_FLOWTABLE_DEVICES)) { - for (i = 0; i < c->dev_array_len; i++) { + for (i = 0; i < c->dev_array_len; i++) xfree(c->dev_array[i]); - xfree(c->dev_array); - } + xfree(c->dev_array); } c->dev_array = calloc(len + 1, sizeof(char *)); |