[PATCH] iptables segfault on -D
Phil Oester
kernel at linuxace.com
Fri Feb 4 01:55:37 CET 2005
Using latest 1.3.0-rc1 snapshot, a rule delete causes a segfault:
# iptables -A foo -p tcp --dport 1234
# iptables -D foo -p tcp --dport 1234
Segmentation fault
Problem is caused by a superfluous memset which memsets a greater-
than-malloced area. Patch below.
Phil
-------------- next part --------------
--- ipt-orig/libiptc/libiptc.c 2005-02-01 08:45:56.000000000 -0800
+++ ipt-new/libiptc/libiptc.c 2005-02-03 16:51:46.000000000 -0800
@@ -2047,7 +2047,6 @@
counterlen = sizeof(STRUCT_COUNTERS_INFO)
+ sizeof(STRUCT_COUNTERS) * new_number;
- memset(repl, 0, sizeof(*repl) + (*handle)->entries->size);
/* These are the old counters we will get from kernel */
repl->counters = malloc(sizeof(STRUCT_COUNTERS)
More information about the netfilter-devel
mailing list