diff options
author | Phil Sutter <phil@nwl.cc> | 2020-01-09 17:43:11 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-01-10 12:37:22 +0100 |
commit | 02174ffad484d9711678e5d415c32307efc39857 (patch) | |
tree | eaba69b2fee12ee59017bf3e12a4845f0addc50a /src | |
parent | 5d57fa3e99bb9f2044e236d4ddb7d874cfefe1dd (diff) |
monitor: Fix for use after free when printing map elements
When populating the dummy set, 'data' field must be cloned just like
'key' field.
Fixes: 343a51702656a ("src: store expr, not dtype to track data in sets")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/monitor.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/monitor.c b/src/monitor.c index 84505eb9..53a8bcd4 100644 --- a/src/monitor.c +++ b/src/monitor.c @@ -401,7 +401,8 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, */ dummyset = set_alloc(monh->loc); dummyset->key = expr_clone(set->key); - dummyset->data = set->data; + if (set->data) + dummyset->data = expr_clone(set->data); dummyset->flags = set->flags; dummyset->init = set_expr_alloc(monh->loc, set); |