[PATCH] iptables segfault on -D

[PATCH] iptables segfault on -D

[Phil Oester]

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

Using latest 1.3.0-rc1 snapshot, a rule delete causes a segfault:

# iptables -A foo -p tcp --dport 1234   
# iptables -D foo -p tcp --dport 1234
Segmentation fault

Problem is caused by a superfluous memset which memsets a greater-
than-malloced area.  Patch below.

Phil



[-- Attachment #2: patch-sigsegv --]
[-- Type: text/plain, Size: 417 bytes --]

--- ipt-orig/libiptc/libiptc.c	2005-02-01 08:45:56.000000000 -0800
+++ ipt-new/libiptc/libiptc.c	2005-02-03 16:51:46.000000000 -0800
@@ -2047,7 +2047,6 @@
 
 	counterlen = sizeof(STRUCT_COUNTERS_INFO)
 			+ sizeof(STRUCT_COUNTERS) * new_number;
-	memset(repl, 0, sizeof(*repl) + (*handle)->entries->size);
 
 	/* These are the old counters we will get from kernel */
 	repl->counters = malloc(sizeof(STRUCT_COUNTERS)

Re: [PATCH] iptables segfault on -D

[Martin Josefsson]

[-- Attachment #1: Type: text/plain, Size: 595 bytes --]

On Thu, 2005-02-03 at 16:55 -0800, Phil Oester wrote:
> Using latest 1.3.0-rc1 snapshot, a rule delete causes a segfault:
> 
> # iptables -A foo -p tcp --dport 1234   
> # iptables -D foo -p tcp --dport 1234
> Segmentation fault
> 
> Problem is caused by a superfluous memset which memsets a greater-
> than-malloced area.  Patch below.

Yes this memset() is bogus, patch applied. And I removed the other
memset() that was added at the same time in order to stop valgrind from
complaining, that needs more investigation as to why valgrind is
complaining.

Thanks

-- 
/Martin

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]