[nft] libnftables: set variable array to NULL after release

Message ID	20240903121910.305004-1-pablo@netfilter.org
State	Superseded
Headers	show Return-Path: <netfilter-devel+bounces-3646-incoming=patchwork.ozlabs.org@vger.kernel.org> From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Subject: [PATCH nft] libnftables: set variable array to NULL after release Date: Tue, 3 Sep 2024 14:19:10 +0200 Message-Id: <20240903121910.305004-1-pablo@netfilter.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[nft] libnftables: set variable array to NULL after release \| expand [nft] libnftables: set variable array to NULL after release

Message ID

20240903121910.305004-1-pablo@netfilter.org

State

Superseded

Headers

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft] libnftables: set variable array to NULL after release
Date: Tue,  3 Sep 2024 14:19:10 +0200
Message-Id: <20240903121910.305004-1-pablo@netfilter.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[nft] libnftables: set variable array to NULL after release | expand

Commit Message

Pablo Neira Ayuso Sept. 3, 2024, 12:19 p.m. UTC

User reports that:

1. Call nft_ctx_clear_vars();
2. Call nft_ctx_free().

because nft_ctx_clear_vars() is called from nft_ctx_free().

results in double free, set ctx->vars to NULL from nft_ctx_clear_vars().

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1772
Fixes: 4e8dff2cb4da ("src: expose nft_ctx_clear_vars as API")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnftables.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libnftables.c b/src/libnftables.c
index 7fc81515258d..2ae215013cb0 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -160,6 +160,7 @@  void nft_ctx_clear_vars(struct nft_ctx *ctx)
 	}
 	ctx->num_vars = 0;
 	free(ctx->vars);
+	ctx->vars = NULL;
 }
 
 EXPORT_SYMBOL(nft_ctx_add_include_path);

[nft] libnftables: set variable array to NULL after release

Commit Message

Patch