[PATCH] segmentation fault in free

[PATCH] segmentation fault in free

[Thomas Woerner]

[-- Attachment #1: Type: text/plain, Size: 636 bytes --]


Hello,


I have found a bad bug in iptables. saddrs and daddrs are allocated with calloc in 
host_to_addr if a hostname resolves to more than one ip address, but each array 
element if getting freed in do_command. The first free will free the whole array and 
the others are returning that this is not a pointer or are segfaulting.

Fix for this is attached.


Thanks,
Thomas

-- 
Thomas Woerner
Software Engineer            Phone: +49-711-96437-310
Red Hat GmbH                 Fax  : +49-711-96437-111
Hauptstaetterstr. 58         Email: Thomas Woerner <twoerner@redhat.com>
D-70178 Stuttgart            Web  : http://www.redhat.de/

[-- Attachment #2: iptables-1.2.11-free.patch --]
[-- Type: text/x-patch, Size: 369 bytes --]

--- iptables-1.2.11/iptables.c.free	2004-08-25 19:15:29.000000000 +0200
+++ iptables-1.2.11/iptables.c	2004-08-26 15:34:28.490605182 +0200
@@ -2344,11 +2344,8 @@
 		e = NULL;
 	}
 
-	for (c = 0; c < nsaddrs; c++)
-		free(&saddrs[c]);
-
-	for (c = 0; c < ndaddrs; c++)
-		free(&daddrs[c]);
+	free(saddrs);
+	free(daddrs);
 
 	if (opts != original_opts) {
 		free(opts);

Re: [PATCH] segmentation fault in free

[Patrick McHardy]

Thomas Woerner wrote:

>
> Hello,
>
>
> I have found a bad bug in iptables. saddrs and daddrs are allocated 
> with calloc in host_to_addr if a hostname resolves to more than one ip 
> address, but each array element if getting freed in do_command. The 
> first free will free the whole array and the others are returning that 
> this is not a pointer or are segfaulting.
>
> Fix for this is attached.


Thanks, already fixed in CVS.

Regards
Patrick