[Bug 1685] Calling the nftnl_set_free function may trigger the "double free" problem.

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Jun 2 08:02:17 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1685

--- Comment #10 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Chen Zhen from comment #9)
> (In reply to Pablo Neira Ayuso from comment #8)
> > Phil already fixed it here:
> > 
> > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230531123256.4882-1-phil at nwl.cc/
> 
> Yes, this patch can fix the problem, but do I think we should add the if
> (s->flags & (1 << NFTNL_SET_EXPR)) judgment to the nftnl_set_free function?

There is NFTNL_SET_EXPRESSIONS that uses this list too.

List would be empty (but correctly initialized) if NFTNL_SET_EXPR or
NFTNL_SET_EXPRESSIONS are unset.

I believe this is sufficient.

> -	list_for_each_entry_safe(expr, next, &s->expr_list, head)
> +       if (s->flags & (1 << NFTNL_SET_EXPR)){
> +	    list_for_each_entry_safe(expr, next, &s->expr_list, head) {
> +		list_del(&expr->head);
>  		nftnl_expr_free(expr);
> +	    }
> +       }
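Review bot: the new guard frees the list only when NFTNL_SET_EXPR is set, but the same expr_list is also populated under NFTNL_SET_EXPRESSIONS (as comment #10 notes), so a set carrying only that flag would leak its expressions. Because the list is initialized empty when neither flag is set, the flag test can be dropped and the loop left as `list_for_each_entry_safe(expr, next, &s->expr_list, head) { list_del(&expr->head); nftnl_expr_free(expr); }`, which is exactly the list_del() fix the referenced patch makes. Minor style: the added lines mix space and tab indentation, and `)){` needs a space before the brace.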

-- 
You are receiving this mail because:
You are watching all bug changes.
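The property Pablo relies on (an initialized but empty list needs no flag check, and unlinking each node before freeing it means a later traversal finds nothing to free) as an added, self-contained C model; this is not libnftnl's code, and the list helpers, demo_expr, demo_set and demo_run are stand-ins for libnftnl's list.h, nftnl_expr and nftnl_set.

```c
#include <stddef.h>
#include <stdlib.h>

/* Minimal kernel-style intrusive list, standing in for libnftnl's list.h. */
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n)	/* unlink, then poison the node's links */
{
	n->prev->next = n->next; n->next->prev = n->prev; n->next = n->prev = NULL;
}
#define list_entry(ptr, type, member) ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry_safe(pos, n, head, member)				\
	for (pos = list_entry((head)->next, __typeof__(*pos), member),		\
	     n = list_entry(pos->member.next, __typeof__(*pos), member);	\
	     &pos->member != (head);						\
	     pos = n, n = list_entry(n->member.next, __typeof__(*n), member))

struct demo_expr { struct list_head head; };				/* stand-in for nftnl_expr */
struct demo_set { unsigned int flags; struct list_head expr_list; };	/* stand-in for nftnl_set */

/* As in the patched nftnl_set_free(): unlink, then free. No flag test is needed:
 * an empty-but-initialized list gives zero iterations. Returns entries freed. */
static int demo_set_free_exprs(struct demo_set *s)
{
	struct demo_expr *expr, *next; int freed = 0;
	list_for_each_entry_safe(expr, next, &s->expr_list, head) {
		list_del(&expr->head);	/* without this the head keeps pointers to freed memory */
		free(expr);
		freed++;
	}
	return freed;
}

/* Builds a set with nexprs expressions under flag_bit, frees the list, then frees
 * it again as a second owner would. Returns first*100 + second (second must be 0). */
static int demo_run(int nexprs, unsigned int flag_bit)
{
	struct demo_set s = { .flags = nexprs ? 1u << flag_bit : 0 };	/* flags never consulted */
	init_list_head(&s.expr_list);
	for (int i = 0; i < nexprs; i++) {
		struct demo_expr *e = malloc(sizeof *e);
		list_add_tail(&e->head, &s.expr_list);
	}
	int first = demo_set_free_exprs(&s);
	return first * 100 + demo_set_free_exprs(&s);
}
```

Run with a leak/UAF checker such as AddressSanitizer: remove the list_del() line and the second pass in demo_run touches freed memory, which is the double-free shape this bug reports.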