author | Alvaro Neira <alvaroneay@gmail.com> | 2015-02-24 09:10:32 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-02-24 14:47:23 +0100 |
commit | 5dd19ef301a9c92beb470099df0a76e33a614173 (patch) | |
tree | 5aa0f9eee91141be1a2ec1e98c883c7948bd9d59 /include | |
parent | 05eb2b89defda80be57199315f6bf40cf711460e (diff) |
ruleset: fix crash if we free sets included in the set_list

When we parse a ruleset which has a rule using a set, the first step is to
parse the set, set up an ID and add it to a set list. Later, we use this
set list to find the set associated to the rule and we set up the set ID
to the expression (lookup expression) of the rule.

The problem is that if we return this set to the callback function
nft_ruleset_parse_file_cb() and we free this set, we have a crash when
we try to iterate in the set list.

This patch solves it, cloning the set and adding the new set to the set
list.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include')
-rw-r--r-- | include/libnftnl/set.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h index 7f3504f..55a47b0 100644 --- a/include/libnftnl/set.h +++ b/include/libnftnl/set.h @@ -29,6 +29,8 @@ struct nft_set; struct nft_set *nft_set_alloc(void); void nft_set_free(struct nft_set *s); +struct nft_set *nft_set_clone(const struct nft_set *set); + bool nft_set_attr_is_set(const struct nft_set *s, uint16_t attr); void nft_set_attr_unset(struct nft_set *s, uint16_t attr); void nft_set_attr_set(struct nft_set *s, uint16_t attr, const void *data); @@ -91,6 +93,8 @@ struct nft_set_elem; struct nft_set_elem *nft_set_elem_alloc(void); void nft_set_elem_free(struct nft_set_elem *s); +struct nft_set_elem *nft_set_elem_clone(struct nft_set_elem *elem); + void nft_set_elem_add(struct nft_set *s, struct nft_set_elem *elem); void nft_set_elem_attr_unset(struct nft_set_elem *s, uint16_t attr); |
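
Review bot: the new nft_set_clone() declaration in the first hunk, placed right after nft_set_free(), says nothing about ownership or failure. The commit message explains that the clone exists so the callback can free its set without affecting the one kept in the set list, so the header should state that the returned set is an independent object the caller releases with nft_set_free(), what is returned when the copy fails, and whether the set's elements are copied along with it. As a style point, the parameter is named `set` while the neighbouring declarations all use `s`.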
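
Review bot: in the second hunk, nft_set_elem_clone() takes a non-const `struct nft_set_elem *elem`, whereas nft_set_clone() in the same header takes `const struct nft_set *set`. If cloning does not modify the source element, declare the parameter as `const struct nft_set_elem *elem` so the two clone functions are consistent and callers holding a const element can use it; if the source is modified, that needs a comment next to the declaration.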