cmd: fix handle use after free for implicit set declarations

author Patrick McHardy <kaber@trash.net>

Mon, 10 Dec 2012 15:20:14 +0000 (16:20 +0100)

committer Patrick McHardy <kaber@trash.net>

Mon, 10 Dec 2012 15:20:30 +0000 (16:20 +0100)
author Patrick McHardy <kaber@trash.net>
Mon, 10 Dec 2012 15:20:14 +0000 (16:20 +0100)
committer Patrick McHardy <kaber@trash.net>
Mon, 10 Dec 2012 15:20:30 +0000 (16:20 +0100)
diff --git a/src/evaluate.c b/src/evaluate.c

index 01c6bd782a44f4bf11315ab7c91450dc01103aea..906c10022f7678655fbb7b704d208844fa979c49 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -76,6 +76,7 @@ static struct expr *implicit_set_declaration(struct eval_ctx *ctx,
  {
         struct cmd *cmd;
         struct set *set;
+       struct handle h;
  
         set = set_alloc(&expr->location);
         set->flags      = SET_F_CONSTANT | SET_F_ANONYMOUS | expr->set_flags;
@@ -88,7 +89,9 @@ static struct expr *implicit_set_declaration(struct eval_ctx *ctx,
                 list_add_tail(&set->list, &ctx->table->sets);
         else {
                 handle_merge(&set->handle, &ctx->cmd->handle);
-               cmd = cmd_alloc(CMD_ADD, CMD_OBJ_SET, &set->handle, set);
+               memset(&h, 0, sizeof(h));
+               handle_merge(&h, &set->handle);
+               cmd = cmd_alloc(CMD_ADD, CMD_OBJ_SET, &h, set);
                 cmd->location = set->location;
                 list_add_tail(&cmd->list, &ctx->cmd->list);
         }
author	Patrick McHardy <kaber@trash.net>
	Mon, 10 Dec 2012 15:20:14 +0000 (16:20 +0100)
committer	Patrick McHardy <kaber@trash.net>
	Mon, 10 Dec 2012 15:20:30 +0000 (16:20 +0100)