From 1db6c61f233a0488bc4c9b8fc47d205d4885ef50 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 25 Feb 2017 13:15:14 +0100 Subject: datatype: add DTYPE_F_CLONE flag This flag allows us to identify datatypes that are instances from original datatypes. This fixes a possible double free when attaching a concatenation datatype to set->keytype while being also referenced from concatenation expressions. ip6/flowtable.t: ERROR: line 5: src/nft add rule --debug=netlink ip6 test-ip6 input flow table acct_out { meta iif . ip6 saddr timeout 600s counter }: This rule should not have failed. *** Error in `src/nft': double free or corruption (fasttop): 0x000000000117ce70 *** Signed-off-by: Pablo Neira Ayuso
---
 include/datatype.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/datatype.h')
diff --git a/include/datatype.h b/include/datatype.h
index 68fb2a6c..3ce3a888 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -109,10 +109,12 @@ struct expr;
  *
  * @DTYPE_F_ALLOC: datatype is dynamically allocated
  * @DTYPE_F_PREFIX: preferred representation for ranges is a prefix
+ * @DTYPE_F_CLONE: this is an instance from original datatype
  */
 enum datatype_flags {
  DTYPE_F_ALLOC = (1 << 0),
  DTYPE_F_PREFIX = (1 << 1),
+ DTYPE_F_CLONE = (1 << 2),
 };
 
 /**
-- cgit v1.2.3
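Review bot: The kernel-doc entry `@DTYPE_F_CLONE: this is an instance from original datatype` does not state the ownership rule that the commit message says this flag exists to enforce. The message describes a double free when a concatenation datatype is attached to set->keytype while concatenation expressions still reference it, so a reader of this enum needs to know which holder may free a flagged datatype and how the flag combines with DTYPE_F_ALLOC. Only include/datatype.h is shown here, so the code that sets and tests the flag is not visible; assuming a clone is a separately allocated copy, a line such as ` * @DTYPE_F_CLONE: datatype is a copy of an original datatype and is released independently of it` would make that contract explicit. The doc comment and the declarations after the enum start and continue outside the hunk.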