[Bug 1685] Calling the nftnl_set_free function may trigger the "double free" problem.

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Jun 1 21:05:23 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1685

--- Comment #7 from Pablo Neira Ayuso <pablo at netfilter.org> ---
> diff --git a/src/set.c b/src/set.c
> index c46f827..738cc24 100644
> --- a/src/set.c
> +++ b/src/set.c
> @@ -54,8 +54,11 @@ void nftnl_set_free(const struct nftnl_set *s)
>         if (s->flags & (1 << NFTNL_SET_USERDATA))
>                 xfree(s->user.data);
> 
> -       list_for_each_entry_safe(expr, next, &s->expr_list, head)
> -               nftnl_expr_free(expr);
> +       if (s->flags & (1 << NFTNL_SET_EXPR))
> +       {
> +               list_for_each_entry_safe(expr, next, &s->expr_list, head)
> +                       nftnl_expr_free(expr);
> +       }
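Review bot: gating the walk on NFTNL_SET_EXPR does not address the root cause visible in this hunk; the expressions that are walked are still passed to nftnl_expr_free() without first being unlinked from s->expr_list, so any later traversal of that list still reaches freed memory, and if expressions can sit on the list while the flag is clear the new condition also leaks them. Unlinking each entry inside the loop, unconditionally, is the safer shape: `list_for_each_entry_safe(expr, next, &s->expr_list, head) {` / `list_del(&expr->head);` / `nftnl_expr_free(expr);` leaves the list empty afterwards. Minor: the opening brace of the new `if` on its own line does not match the surrounding code, where the brace follows the condition.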

Maybe this instead?

          list_for_each_entry_safe(expr, next, &s->expr_list, head) {
                  list_del(&expr->head);
                  nftnl_expr_free(expr);
          }
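The unlink-before-free pattern suggested in the comment above, as an added example that is not part of the original report or of libnftnl's code; it assumes a minimal reimplementation of the kernel-style list helpers libnftnl uses and the hypothetical names set_t, expr_t, set_free_exprs and set_with_exprs:

```c
/* Added example (not libnftnl code): a minimal kernel-style intrusive list
 * showing why nftnl_set_free should unlink each expression (list_del) before
 * freeing it. Names set_t, expr_t, set_free_exprs, set_with_exprs are hypothetical. */
#include <stddef.h>
#include <stdlib.h>

struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
/* Same loop shape as the hunk: safe against freeing the current node. */
#define list_for_each_entry_safe(pos, n, h, member)                        \
    for (pos = container_of((h)->next, __typeof__(*pos), member),          \
         n = container_of(pos->member.next, __typeof__(*pos), member);     \
         &pos->member != (h);                                              \
         pos = n, n = container_of(n->member.next, __typeof__(*n), member))
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = NULL; /* poison: a second unlink faults instead of corrupting */
}
struct expr_t { struct list_head head; int id; }; /* like nftnl_expr.head */
struct set_t { struct list_head expr_list; };     /* like nftnl_set.expr_list */

/* Unlink each expression before freeing it, as the comment above suggests.
 * Returns how many were freed; the list is left empty, so a second pass over
 * the same set (the double-free scenario) finds nothing and frees nothing. */
static int set_free_exprs(struct set_t *s) {
    struct expr_t *expr, *next;
    int freed = 0;
    list_for_each_entry_safe(expr, next, &s->expr_list, head) {
        list_del(&expr->head);
        free(expr);
        freed++;
    }
    return freed;
}

/* Constructed input: a set holding n expressions. */
static struct set_t *set_with_exprs(int n) {
    struct set_t *s = malloc(sizeof(*s));
    list_init(&s->expr_list);
    for (int i = 0; i < n; i++) {
        struct expr_t *e = malloc(sizeof(*e));
        e->id = i;
        list_add_tail(&e->head, &s->expr_list);
    }
    return s;
}
```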
