[PATCH libnetfilter_cthelper] examples: fix double free in nftc-helper-add

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Liping Zhang <zlpnobody@163.com>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, Liping Zhang <zlpnobody@gmail.com>
Subject: [PATCH libnetfilter_cthelper] examples: fix double free in nftc-helper-add
Date: Sun, 19 Mar 2017 22:01:10 +0800	[thread overview]
Message-ID: <1489932070-57299-1-git-send-email-zlpnobody@163.com> (raw)

From: Liping Zhang <zlpnobody@gmail.com>

After inputting the following test command, core dump happened:
  # ./examples/nfct-helper-add test 1
  *** Error in
 `.../libnetfilter_cthelper/examples/.libs/lt-nfct-helper-add':
  double free or corruption (fasttop): 0x0000000001f3c070 ***
  ======= Backtrace: =========
  /lib64/libc.so.6(+0x77de5)[0x7fd9ebe88de5]
  /lib64/libc.so.6(+0x8022a)[0x7fd9ebe9122a]
  /lib64/libc.so.6(cfree+0x4c)[0x7fd9ebe9478c]
  [...]

Because "struct nfct_helper_policy *p" had been freed by nfct_helper_free,
so there's no need to invoke nfct_helper_policy_free again, otherwise
dobule free error will happen.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
---
 examples/nfct-helper-add.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/nfct-helper-add.c b/examples/nfct-helper-add.c
index 6c47626..cb7291e 100644
--- a/examples/nfct-helper-add.c
+++ b/examples/nfct-helper-add.c
@@ -32,6 +32,7 @@ int main(int argc, char *argv[])
 	nfct_helper_attr_set_u16(nfct_helper, NFCTH_ATTR_PROTO_L3NUM, AF_INET);
 	nfct_helper_attr_set_u8(nfct_helper, NFCTH_ATTR_PROTO_L4NUM, IPPROTO_TCP);
 
+	/* Will be freed by nfct_helper_free. */
 	p = nfct_helper_policy_alloc();
 	if (p == NULL) {
 		perror("OOM");
@@ -49,7 +50,6 @@ int main(int argc, char *argv[])
 	nfct_helper_nlmsg_build_payload(nlh, nfct_helper);
 
 	nfct_helper_free(nfct_helper);
-	nfct_helper_policy_free(p);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
-- 
2.5.5

next             reply	other threads:[~2017-03-19 14:49 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-19 14:01 Liping Zhang [this message]
2017-03-21 10:41 ` [PATCH libnetfilter_cthelper] examples: fix double free in nftc-helper-add Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6c47626 dfblob:cb7291e )
 OR (
bs:"[PATCH libnetfilter_cthelper] examples: fix double free in nftc-helper-add" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1489932070-57299-1-git-send-email-zlpnobody@163.com \
    --to=zlpnobody@163.com \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=zlpnobody@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).