diff options
author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org> | 2006-02-11 09:34:16 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org> | 2006-02-11 09:34:16 +0000 |
commit | e2d50d97877693c39412466dab90fe8ce7e01902 (patch) | |
tree | 284929f76c23a40b34b8a77f9aaa318bb57e507e | |
parent | 64f44e0a999f0b5d55cf8fcafc29d126324f6ae4 (diff) |
fix double-free if a single match is used multiple times within a signle rule
(Closes: #440). However, while this fixes the double-free, it still doesn't make iptables
support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous
matchinfo instances.
-rw-r--r-- | ip6tables.c | 4 | ||||
-rw-r--r-- | iptables.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/ip6tables.c b/ip6tables.c index 6afe68f..e2c514e 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1691,8 +1691,10 @@ void clear_rule_matches(struct ip6tables_rule_match **matches) for (matchp = *matches; matchp;) { tmp = matchp->next; - if (matchp->match->m) + if (matchp->match->m) { free(matchp->match->m); + matchp->match->m = NULL; + } free(matchp); matchp = tmp; } @@ -1800,8 +1800,10 @@ void clear_rule_matches(struct iptables_rule_match **matches) for (matchp = *matches; matchp;) { tmp = matchp->next; - if (matchp->match->m) + if (matchp->match->m) { free(matchp->match->m); + matchp->match->m = NULL; + } free(matchp); matchp = tmp; } |