]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5d57fa3)
monitor: Fix for use after free when printing map elements
authorPhil Sutter <phil@nwl.cc>
Thu, 9 Jan 2020 16:43:11 +0000 (17:43 +0100)
committerPhil Sutter <phil@nwl.cc>
Fri, 10 Jan 2020 11:37:22 +0000 (12:37 +0100)
When populating the dummy set, 'data' field must be cloned just like
'key' field.

Fixes: 343a51702656a ("src: store expr, not dtype to track data in sets")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/monitor.c patch | blob | blame | history

diff --git a/src/monitor.c b/src/monitor.c
index 84505eb914bf61c119f801432dc28533d8c97642..53a8bcd4641d1ea49dcc7cd22f56840c548d2da9 100644 (file)
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -401,7 +401,8 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
         */
        dummyset = set_alloc(monh->loc);
        dummyset->key = expr_clone(set->key);
-       dummyset->data = set->data;
+       if (set->data)
+               dummyset->data = expr_clone(set->data);
        dummyset->flags = set->flags;
        dummyset->init = set_expr_alloc(monh->loc, set);
 
Mirror of git://git.netfilter.org/nftables