libiptc: Fix for another segfault due to chain index NULL pointer

Chain rename code missed to adjust the num_chains value which is used to calculate the number of chain index buckets to allocate during an index rebuild. So with the right number of chains present, the last chain in a middle bucket being renamed (and ending up in another bucket) triggers an index rebuild based on false data. The resulting NULL pointer index bucket then causes a segfault upon reinsertion. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1713 Fixes: 64ff47cde38e4 ("libiptc: fix chain rename bug in libiptc")
author: Phil Sutter <phil@nwl.cc> 2023-10-12 17:27:42 +0200
committer: Phil Sutter <phil@nwl.cc> 2023-10-12 17:47:13 +0200
commit: e2d7ee9c49b582f399ad4ba2da2ee1b3e1f89620 (patch)
tree: 255304667f7f27c3374210d3bd5ff295165fe564 /libiptc
parent: 8ae55c2a331e932c0aeef8c6c138bf60deb9fd42 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index e4750633..9712a363 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -2384,12 +2384,16 @@ int TC_RENAME_CHAIN(const IPT_CHAINLABEL oldname,
 		return 0;
 	}
 
+	handle->num_chains--;
+
 	/* This only unlinks "c" from the list, thus no free(c) */
 	iptcc_chain_index_delete_chain(c, handle);
 
 	/* Change the name of the chain */
 	strncpy(c->name, newname, sizeof(IPT_CHAINLABEL) - 1);
 
+	handle->num_chains++;
+
 	/* Insert sorted into to list again */
 	iptc_insert_chain(handle, c);
author	Phil Sutter <phil@nwl.cc>	2023-10-12 17:27:42 +0200
committer	Phil Sutter <phil@nwl.cc>	2023-10-12 17:47:13 +0200
commit	e2d7ee9c49b582f399ad4ba2da2ee1b3e1f89620 (patch)
tree	255304667f7f27c3374210d3bd5ff295165fe564 /libiptc
parent	8ae55c2a331e932c0aeef8c6c138bf60deb9fd42 (diff)