From 5901a7d1512b8809da7b1c326d75d86d7c82984f Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org" Date: Fri, 29 Jul 2005 13:26:35 +0000 Subject: The call to free_opts() in merge_options() is invalid C. The oldopts argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg ) ip6tables merge by myself. --- iptables.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'iptables.c') diff --git a/iptables.c b/iptables.c index 0bb2b03..7e8ba59 100644 --- a/iptables.c +++ b/iptables.c @@ -1029,9 +1029,6 @@ merge_options(struct option *oldopts, const struct option *newopts, unsigned int num_old, num_new, i; struct option *merge; - /* Release previous options merged if any */ - free_opts(0); - for (num_old = 0; oldopts[num_old].name; num_old++); for (num_new = 0; newopts[num_new].name; num_new++); @@ -1040,6 +1037,7 @@ merge_options(struct option *oldopts, const struct option *newopts, merge = malloc(sizeof(struct option) * (num_new + num_old + 1)); memcpy(merge, oldopts, num_old * sizeof(struct option)); + free_opts(0); /* Release previous options merged if any */ for (i = 0; i < num_new; i++) { merge[num_old + i] = newopts[i]; merge[num_old + i].val += *option_offset; -- cgit v1.2.3