[Bug 1685] Calling the nftnl_set_free function may trigger the "double free" problem.
bugzilla-daemon at netfilter.org
Wed May 31 11:27:07 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1685
--- Comment #2 from Chen Zhen <vchanger123456 at 163.com> ---
Sorry, there is a problem with the above code. Updated:
Reproduction code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <linux/netfilter/nf_tables.h>
#include <libnftnl/set.h>
#include <libnftnl/expr.h>

int main(int argc, char *argv[])
{
	struct nftnl_set *a = NULL;
	struct nftnl_expr *ex;

	a = nftnl_set_alloc();
	ex = nftnl_expr_alloc("meta");
	if (a == NULL || ex == NULL) {
		/* Stop here: the calls below would dereference a NULL pointer. */
		printf("OOM\n");
		return 1;
	}

	/* Populate the "meta" expression that will be attached to the set. */
	nftnl_expr_set_u32(ex, NFTNL_EXPR_META_KEY, 0x1234568);
	nftnl_expr_set_u32(ex, NFTNL_EXPR_META_DREG, 0x78123456);

	/* Fill in the set attributes with arbitrary test values. */
	nftnl_set_set_str(a, NFTNL_SET_TABLE, "test-table");
	nftnl_set_set_str(a, NFTNL_SET_NAME, "test-name");
	nftnl_set_set_u32(a, NFTNL_SET_FLAGS, 0x12345678);
	nftnl_set_set_u32(a, NFTNL_SET_KEY_TYPE, 0x12345678);
	nftnl_set_set_u32(a, NFTNL_SET_KEY_LEN, 0x12345678);
	nftnl_set_set_u32(a, NFTNL_SET_DATA_TYPE, 0x12345678);
	nftnl_set_set_u32(a, NFTNL_SET_DATA_LEN, 0x12345678);
	nftnl_set_set_u32(a, NFTNL_SET_FAMILY, 0x12345678);
	nftnl_set_set_str(a, NFTNL_SET_USERDATA, "testing user data");

	/*
	 * Attach the expression, unset it, then free the set: this is the
	 * sequence reported to trigger the double free in nftnl_set_free().
	 */
	nftnl_set_set(a, NFTNL_SET_EXPR, ex);
	nftnl_set_unset(a, NFTNL_SET_EXPR);
	nftnl_set_free(a);

	printf("ok\n");
	return 0;
}