diff options
author | Phil Sutter <phil@nwl.cc> | 2023-10-12 17:27:42 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-10-12 17:47:13 +0200 |
commit | e2d7ee9c49b582f399ad4ba2da2ee1b3e1f89620 (patch) | |
tree | 255304667f7f27c3374210d3bd5ff295165fe564 /libiptc | |
parent | 8ae55c2a331e932c0aeef8c6c138bf60deb9fd42 (diff) |
libiptc: Fix for another segfault due to chain index NULL pointer
Chain rename code missed to adjust the num_chains value which is used to
calculate the number of chain index buckets to allocate during an index
rebuild. So with the right number of chains present, the last chain in a
middle bucket being renamed (and ending up in another bucket) triggers
an index rebuild based on false data. The resulting NULL pointer index
bucket then causes a segfault upon reinsertion.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1713
Fixes: 64ff47cde38e4 ("libiptc: fix chain rename bug in libiptc")
Diffstat (limited to 'libiptc')
-rw-r--r-- | libiptc/libiptc.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index e4750633..9712a363 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -2384,12 +2384,16 @@ int TC_RENAME_CHAIN(const IPT_CHAINLABEL oldname, return 0; } + handle->num_chains--; + /* This only unlinks "c" from the list, thus no free(c) */ iptcc_chain_index_delete_chain(c, handle); /* Change the name of the chain */ strncpy(c->name, newname, sizeof(IPT_CHAINLABEL) - 1); + handle->num_chains++; + /* Insert sorted into to list again */ iptc_insert_chain(handle, c); |