]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 001bd5b) | patch
segtree: Fix segfault when restoring a huge interval set
authorPhil Sutter <phil@nwl.cc>
Wed, 9 Jun 2021 13:49:52 +0000 (15:49 +0200)
committerPhil Sutter <phil@nwl.cc>
Wed, 9 Jun 2021 17:36:25 +0000 (19:36 +0200)
commitbaecd1cf26851a4c5b7d469206a488f14fe5b147
tree86f5285c2fd39b5dbc941b489a4f915551b23599tree
parent001bd5b1b744428c77c68dd371fed58c3dc511f2commit | diff
segtree: Fix segfault when restoring a huge interval set

Restoring a set of IPv4 prefixes with about 1.1M elements crashes nft as
set_to_segtree() exhausts the stack. Prevent this by allocating the
pointer array on heap and make sure it is freed before returning to
caller.

With this patch in place, restoring said set succeeds with allocation of
about 3GB of memory, according to valgrind.

Signed-off-by: Phil Sutter <phil@nwl.cc>
src/segtree.c diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables