libnftables: Zero ctx->vars after freeing it

Leaving the invalid pointer value in place will cause a double-free when
users call nft_ctx_clear_vars() first, then nft_ctx_free(). Moreover,
nft_ctx_add_var() passes the pointer to mrealloc() and thus assumes it
to be either NULL or valid.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1772
Fixes: 9edaa6a51eab4 ("src: add --define key=value")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/src/libnftables.c b/src/libnftables.c
index 7fc81515258d19467171f80d96fc5e738c702c49..2ae215013cb0a1f9e47145b1a0100268558b75db 100644 (file)
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -160,6 +160,7 @@ void nft_ctx_clear_vars(struct nft_ctx *ctx)
        }
        ctx->num_vars = 0;
        free(ctx->vars);
+       ctx->vars = NULL;
 }
 
 EXPORT_SYMBOL(nft_ctx_add_include_path);