From: Michal Privoznik Date: Thu, 27 Nov 2025 11:23:46 +0000 (+0100) Subject: iptablesPrivateChainCreate: Avoid modifying const string X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=821a028c5d766ca4eec655a8695bad07ff771922;p=thirdparty%2Flibvirt.git iptablesPrivateChainCreate: Avoid modifying const string The iptablesPrivateChainCreate() function is given an array of const strings. This constitutes a promise to the caller that the data is not modified. But inside the data is modified anyway (to cut out some parts of the data). Well, with a help from g_strdup() the promise can be kept. Signed-off-by: Michal Privoznik Tested-by: Jaroslav Suchanek Reviewed-by: Ján Tomko --- diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c index 19dcfc7c8b..d21ce59b70 100644 --- a/src/network/network_iptables.c +++ b/src/network/network_iptables.c @@ -84,7 +84,7 @@ iptablesPrivateChainCreate(virFirewall *fw, { iptablesGlobalChainData *data = opaque; g_autoptr(GHashTable) chains = virHashNew(NULL); - g_autoptr(GHashTable) links = virHashNew(NULL); + g_autoptr(GHashTable) links = virHashNew(g_free); const char *const *line; size_t i; @@ -96,16 +96,18 @@ iptablesPrivateChainCreate(virFirewall *fw, if (virHashUpdateEntry(chains, tmp, (void *)0x1) < 0) return -1; } else if ((tmp = STRSKIP(*line, "-A "))) { /* eg "-A INPUT -j LIBVIRT_INP" */ - char *sep = strchr(tmp, ' '); + const char *sep = strchr(tmp, ' '); if (sep) { - char *target; + const char *target; - *sep = '\0'; if ((target = STRSKIP(sep + 1, "-j "))) { - if (virHashUpdateEntry(links, target, - (char *)tmp) < 0) + char *chain = g_strndup(tmp, sep - tmp); + + if (virHashUpdateEntry(links, target, chain) < 0) { + g_free(chain); return -1; + } } } }