iptables: fix regression with unintended free in need_protomatch
[project/firewall3.git]
/
iptables.c
diff --git
a/iptables.c
b/iptables.c
index 49b34394dfec4df361ec1cf6778cade831454c7c..d03d1dd2933e8000712a0696c4e0d60fa6142347 100644
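--- a/iptables.c
+++ b/iptables.c
@@ -709,12 +709,18 @@ init_match(struct fw3_ipt_rule *r, struct xtables_match *m, bool no_clone)
 static bool
 need_protomatch(struct fw3_ipt_rule *r, const char *pname)
 {
+ struct xtables_match *match;
+
 if (!pname)
 return false;
- if (!xtables_find_match(pname, XTF_DONT_LOAD, NULL))
+ match = xtables_find_match(pname, XTF_DONT_LOAD, NULL);
+ if (!match)
 return true;
+ /* Free any kind of clone from xtables_find_match */
+ if (match == match->next)
+ free(match);
 return !r->protocol_loaded;
 }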
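Review bot: The `match == match->next` test in need_protomatch is the only thing separating a legitimate free from releasing a match that is still owned elsewhere, and the one-line comment does not say why a self-referencing `next` identifies a clone. That presumably relies on how xtables_find_match marks the copies it allocates, which is not visible in this hunk, so the comment should state the assumption, e.g. `/* xtables_find_match() marks a heap-allocated clone by pointing ->next at itself; only those are ours to free */`. Getting this condition wrong is a memory-safety problem either way (an invalid free, which is what the commit title describes, or a leak on every call), so the reason belongs next to the check. If other places in iptables.c also discard a result of xtables_find_match, a small static helper holding this check would keep them consistent.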