diff options
| author | Phil Sutter <phil@nwl.cc> | 2023-03-20 10:03:13 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2023-03-20 23:13:39 +0100 |
| commit | 5adb51190c967d28ef7f23464807f7bc86636978 (patch) | |
| tree | d8d564b6d9cf5576d9413f9d17bb53b97d55a269 | |
| parent | 4649abed1d57fb8f99f9caf06acc1eca2785926e (diff) | |
Avoid a memleak with 'reset rules' command
Like other 'reset' commands, 'reset rules' also lists the (part of the)
ruleset which was affected to give users a chance to store the zeroed
values. Therefore do_command_reset() calls do_command_list(). This in
turn calls do_list_ruleset() for CMD_OBJ_RULES which wasn't prepared for
values stored in cmd->handle other than a possible family value and thus
freely reused the pointers as scratch area for the do_list_table() call
whiich in the past fetched each table's data directly from kernel.
Meanwhile ruleset listing code has been integrated into the common
caching logic, the 'cmd' pointer became unused by do_list_table(). The
temporary cmd->handle manipulation is not needed anymore, dropping it
prevents a memleak caused by overwriting of allocated table name
pointer.
Fixes: 1694df2de79f3 ("Implement 'reset rule' and 'reset rules' commands")
Signed-off-by: Phil Sutter <phil@nwl.cc>
| -rw-r--r-- | src/rule.c | 5 |
1 files changed, 0 insertions, 5 deletions
@@ -2184,15 +2184,10 @@ static int do_list_ruleset(struct netlink_ctx *ctx, struct cmd *cmd) table->handle.family != family) continue; - cmd->handle.family = table->handle.family; - cmd->handle.table.name = table->handle.table.name; - if (do_list_table(ctx, table) < 0) return -1; } - cmd->handle.table.name = NULL; - return 0; } |