[netfilter-cvslog] r4172 - trunk/iptables

laforge at netfilter.org laforge at netfilter.org
Fri Jul 29 15:26:36 CEST 2005


Author: laforge at netfilter.org
Date: 2005-07-29 15:26:35 +0200 (Fri, 29 Jul 2005)
New Revision: 4172

Modified:
   trunk/iptables/ip6tables.c
   trunk/iptables/iptables.c
Log:
The call to free_opts() in merge_options() is invalid C. The oldopts
argument always refers to the memory pointed to by the opts global,
which may be freed by the call to free_opts(), but oldopts is used
after the free_opts() call. This patch makes sure we don't use freed
memory.  (Marcus Sundberg <marcus at ingate.com>)

ip6tables merge by myself.


Modified: trunk/iptables/ip6tables.c
===================================================================
--- trunk/iptables/ip6tables.c	2005-07-29 12:59:57 UTC (rev 4171)
+++ trunk/iptables/ip6tables.c	2005-07-29 13:26:35 UTC (rev 4172)
@@ -1029,9 +1029,6 @@
 	unsigned int num_old, num_new, i;
 	struct option *merge;
 
-	/* Release previous options merged if any */
-	free_opts(0);
-
 	for (num_old = 0; oldopts[num_old].name; num_old++);
 	for (num_new = 0; newopts[num_new].name; num_new++);
 
@@ -1040,6 +1037,7 @@
 
 	merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
 	memcpy(merge, oldopts, num_old * sizeof(struct option));
+	free_opts(0); /* Release previous options merged if any */
 	for (i = 0; i < num_new; i++) {
 		merge[num_old + i] = newopts[i];
 		merge[num_old + i].val += *option_offset;
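
Review bot: merge is passed to memcpy() on the line directly after malloc() with no NULL check between them, so a failed allocation turns into a write through a null pointer. With free_opts(0) now placed after that memcpy, the natural spot for the check is immediately after the malloc line, before both the copy and the free, so that an allocation failure leaves the previously merged options untouched instead of releasing them on the way to a crash.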

Modified: trunk/iptables/iptables.c
===================================================================
--- trunk/iptables/iptables.c	2005-07-29 12:59:57 UTC (rev 4171)
+++ trunk/iptables/iptables.c	2005-07-29 13:26:35 UTC (rev 4172)
@@ -1029,9 +1029,6 @@
 	unsigned int num_old, num_new, i;
 	struct option *merge;
 
-	/* Release previous options merged if any */
-	free_opts(0);
-	
 	for (num_old = 0; oldopts[num_old].name; num_old++);
 	for (num_new = 0; newopts[num_new].name; num_new++);
 
@@ -1040,6 +1037,7 @@
 
 	merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
 	memcpy(merge, oldopts, num_old * sizeof(struct option));
+	free_opts(0); /* Release previous options merged if any */
 	for (i = 0; i < num_new; i++) {
 		merge[num_old + i] = newopts[i];
 		merge[num_old + i].val += *option_offset;
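
Review bot: the comment on the new free_opts(0) line says what is released but not why the call has to come after the memcpy. According to the log message, oldopts refers to the memory the opts global points to, so the ordering is the entire fix; the comment should say so (for example "oldopts may alias opts: copy first, then free") to keep a later cleanup from moving the call back to the top of merge_options(). From this line on oldopts may be dangling; the visible loop body reads only newopts and num_old, and it should stay that way.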



