From: Harald Welte
Date: Sat, 11 Feb 2006 09:34:16 +0000 (+0000)
Subject: fix double-free if a single match is used multiple times within a single rule
X-Git-Tag: v1.3.6~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6bc6084bca3304a8cc800a57869bef1e21498de;p=thirdparty%2Fiptables.git

fix double-free if a single match is used multiple times within a single rule (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances.
---
diff --git a/ip6tables.c b/ip6tables.c index 6afe68fd..e2c514e2 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1691,8 +1691,10 @@ void clear_rule_matches(struct ip6tables_rule_match **matches) for (matchp = *matches; matchp;) { tmp = matchp->next; - if (matchp->match->m) + if (matchp->match->m) { free(matchp->match->m); + matchp->match->m = NULL; + } free(matchp); matchp = tmp; } diff --git a/iptables.c b/iptables.c index e22b9ea1..b66e5e1b 100644 --- a/iptables.c +++ b/iptables.c @@ -1800,8 +1800,10 @@ void clear_rule_matches(struct iptables_rule_match **matches) for (matchp = *matches; matchp;) { tmp = matchp->next; - if (matchp->match->m) + if (matchp->match->m) { free(matchp->match->m); + matchp->match->m = NULL; + } free(matchp); matchp = tmp; }
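Review bot: in the ip6tables.c hunk, the new `matchp->match->m = NULL;` needs a comment saying why it is there. It sits right before `free(matchp)`, so it reads like a dead store unless the reader knows that a later list node can point at the same `match` and would otherwise free `m` a second time. The `if (matchp->match->m)` guard is also no longer needed: `free(NULL)` is a no-op, so the body can be an unconditional `free(matchp->match->m);` followed by the NULL assignment, which drops the added braces.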
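Review bot: in the iptables.c hunk, clearing `matchp->match->m` stops the second `free()` but leaves the aliasing that caused it. Every list node for the same match still reaches one `m` buffer through `matchp->match`, which is consistent with the commit message's remark that the last matchinfo ends up in all earlier instances. A rule built this way would carry different match data than the user typed, so a follow-up should either give each `iptables_rule_match` node its own matchinfo or refuse a rule that names the same match twice. Until then, a comment in `clear_rule_matches()` stating that nodes may share a `match` would record the limitation.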