[ANNOUNCE] Release of iptables-1.3.2
Marcus Sundberg
marcus at ingate.com
Sat Jul 16 14:58:45 CEST 2005
Netfilter Core Team wrote:
> - Release previously merged options from merge_opts(), reduces memory-usage of
> iptables-restore dramatically
Hi,
the call to free_opts() in merge_options() is invalid C. The oldopts
argument always refers to the memory pointed to by the opts global,
which may be freed by the call to free_opts(), but oldopts is used
after the free_opts() call. This patch makes sure we don't use freed
memory.
//Marcus
--- iptables.c 2005/07/16 12:52:33
+++ iptables.c 2005/07/16 12:52:45
@@ -1028,9 +1028,6 @@ merge_options(struct option *oldopts, co
unsigned int num_old, num_new, i;
struct option *merge;
- /* Release previous options merged if any */
- free_opts(0);
-
for (num_old = 0; oldopts[num_old].name; num_old++);
for (num_new = 0; newopts[num_new].name; num_new++);
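Review bot: With the free_opts(0) call gone from the top of merge_options(), nothing at this point in the function records that oldopts may be the same memory as the opts global. A short comment above the two counting loops saying that oldopts must stay valid until it has been copied would keep the call from being moved back up later.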
@@ -1039,6 +1036,7 @@ merge_options(struct option *oldopts, co
merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
memcpy(merge, oldopts, num_old * sizeof(struct option));
+ free_opts(0); /* Release previous options merged if any */
for (i = 0; i < num_new; i++) {
merge[num_old + i] = newopts[i];
merge[num_old + i].val += *option_offset;
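Review bot: The malloc() result is passed straight to memcpy() on the line above the new free_opts(0) call, so an allocation failure dereferences NULL before the old table is released. Suggest checking merge for NULL right after the malloc() and returning before the memcpy(). The new position of free_opts(0) is after the last read of oldopts in the visible lines, which is correct; putting its comment on its own line, as the removed one was, would match the surrounding style.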
--
---------------------------------------+--------------------------
Marcus Sundberg <marcus at ingate.com> | Firewalls with SIP & NAT
Software Developer, Ingate Systems AB | http://www.ingate.com/
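
The ordering described in the message above, as an added example that is not part of the original post and is not iptables code. It is a reduced model: `struct opt`, `base_opts`, the argument-less `free_opts()` and the plain `offset` parameter are assumptions standing in for the real definitions. It also checks the malloc() result, which the posted patch does not do.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for struct option from <getopt.h> (assumption). */
struct opt { const char *name; int val; };

static struct opt base_opts[] = { {"append", 'A'}, {"delete", 'D'}, {NULL, 0} };
static struct opt *opts = base_opts;    /* global table, as in the post */

/* Free the current merged table, if any, and fall back to the static one. */
void free_opts(void)
{
    if (opts != base_opts) {
        free(opts);
        opts = base_opts;
    }
}

/* Append newopts to oldopts. oldopts may alias the global opts, so the
 * old table is released only after its entries have been copied out. */
struct opt *merge_options(struct opt *oldopts, const struct opt *newopts,
                          int offset)
{
    size_t num_old, num_new, i;
    struct opt *merge;

    for (num_old = 0; oldopts[num_old].name; num_old++)
        ;
    for (num_new = 0; newopts[num_new].name; num_new++)
        ;

    merge = malloc(sizeof(*merge) * (num_old + num_new + 1));
    if (merge == NULL)
        return NULL;                    /* old table is left intact */
    memcpy(merge, oldopts, num_old * sizeof(*merge));
    free_opts();                        /* oldopts must not be read below */

    for (i = 0; i < num_new; i++) {
        merge[num_old + i] = newopts[i];
        merge[num_old + i].val += offset;
    }
    memset(&merge[num_old + num_new], 0, sizeof(*merge));
    return merge;
}
```

The second and later calls of the form `opts = merge_options(opts, ...)` are the ones where oldopts points at heap memory that free_opts() releases.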