[netfilter-cvslog] r4172 - trunk/iptables
laforge at netfilter.org
laforge at netfilter.org
Fri Jul 29 15:26:36 CEST 2005
Author: laforge at netfilter.org
Date: 2005-07-29 15:26:35 +0200 (Fri, 29 Jul 2005)
New Revision: 4172
Modified:
trunk/iptables/ip6tables.c
trunk/iptables/iptables.c
Log:
The call to free_opts() in merge_options() is invalid C. The oldopts
argument always refers to the memory pointed to by the opts global,
which may be freed by the call to free_opts(), but oldopts is used
after the free_opts() call. This patch makes sure we don't use freed
memory. (Marcus Sundberg <marcus at ingate.com>)
ip6tables merge by myself.
Modified: trunk/iptables/ip6tables.c
===================================================================
--- trunk/iptables/ip6tables.c 2005-07-29 12:59:57 UTC (rev 4171)
+++ trunk/iptables/ip6tables.c 2005-07-29 13:26:35 UTC (rev 4172)
@@ -1029,9 +1029,6 @@
unsigned int num_old, num_new, i;
struct option *merge;
- /* Release previous options merged if any */
- free_opts(0);
-
for (num_old = 0; oldopts[num_old].name; num_old++);
for (num_new = 0; newopts[num_new].name; num_new++);
@@ -1040,6 +1037,7 @@
merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
memcpy(merge, oldopts, num_old * sizeof(struct option));
+ free_opts(0); /* Release previous options merged if any */
for (i = 0; i < num_new; i++) {
merge[num_old + i] = newopts[i];
merge[num_old + i].val += *option_offset;
Modified: trunk/iptables/iptables.c
===================================================================
--- trunk/iptables/iptables.c 2005-07-29 12:59:57 UTC (rev 4171)
+++ trunk/iptables/iptables.c 2005-07-29 13:26:35 UTC (rev 4172)
@@ -1029,9 +1029,6 @@
unsigned int num_old, num_new, i;
struct option *merge;
- /* Release previous options merged if any */
- free_opts(0);
-
for (num_old = 0; oldopts[num_old].name; num_old++);
for (num_new = 0; newopts[num_new].name; num_new++);
@@ -1040,6 +1037,7 @@
merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
memcpy(merge, oldopts, num_old * sizeof(struct option));
+ free_opts(0); /* Release previous options merged if any */
for (i = 0; i < num_new; i++) {
merge[num_old + i] = newopts[i];
merge[num_old + i].val += *option_offset;
More information about the netfilter-cvslog
mailing list