fix double-free if a single match is used multiple times within a signle rule

(Closes: #440).  However, while this fixes the double-free, it still doesn't make iptables
support two of the same matches within one rule.  Apparently the last matchinfo is copied into all the previous
matchinfo instances.

diff --git a/ip6tables.c b/ip6tables.c
index 6afe68fd841c06b5a1bde7473ec359718154228e..e2c514e2eee7507b8c1edaf27168daeb9360bba2 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1691,8 +1691,10 @@ void clear_rule_matches(struct ip6tables_rule_match **matches)
 
        for (matchp = *matches; matchp;) {
                tmp = matchp->next;
-               if (matchp->match->m)
+               if (matchp->match->m) {
                        free(matchp->match->m);
+                       matchp->match->m = NULL;
+               }
                free(matchp);
                matchp = tmp;
        }

diff --git a/iptables.c b/iptables.c
index e22b9ea1c38fa563722d139a60aec6afe7b9ad3c..b66e5e1b6f577a7a26b5a606cf1630d1b0f6c358 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -1800,8 +1800,10 @@ void clear_rule_matches(struct iptables_rule_match **matches)
 
        for (matchp = *matches; matchp;) {
                tmp = matchp->next;
-               if (matchp->match->m)
+               if (matchp->match->m) {
                        free(matchp->match->m);
+                       matchp->match->m = NULL;
+               }
                free(matchp);
                matchp = tmp;
        }