On Tue, Nov 27, 2012 at 04:37:36PM +0100, Florian Westphal wrote:
> some attributes are pointers to malloc'd objects. Simply copying the
> pointer results in use-after-free when the original or the clone is
> destroyed.
>
> Fix it by using nfct_copy instead of memcpy and add proper test case
> for cloned objects:
> - nfct_cmp of orig and clone should return 1 (equal)
> - freeing both the original and the clone should
>   neither leak memory nor result in double-frees.
>
> the testsuite changes revealed a few more problems:
> - ct1->timeout == ct2->timeout returned 0, ie. same timeout
>   was considered "not equal" by nfct_cmp
> - secctx comparison causes "Invalid address" valgrind warnings
>   when pointer is NULL
> - NFCT_CP_OVERRIDE did not handle helper attribute and
>   erroneously freed ct1 secctx memory.
>
> While at it, bump qa_test data dummy to 256 (else, valgrind
> complains about move-depends-on-uninitialized-memory).
>
> Lastly, fix compilation of test_api by killing bogus ATTR_CONNLABEL.
>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

This is great, thanks Florian.

Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
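
The bug class described in the quoted commit message, as an added example that is not part of the original mail and is not libnetfilter_conntrack code: `struct flow` and the `flow_*` functions are hypothetical stand-ins for an object with one scalar and one malloc'd attribute. It puts the memcpy-style clone beside a deep copy and includes a comparison that tolerates a NULL pointer attribute.

```c
#include <stdlib.h>
#include <string.h>
struct flow {                /* hypothetical object, not a library type */
    unsigned int timeout;
    char *secctx;            /* malloc'd, owned by the object, may be NULL */
};
/* Buggy pattern: clone aliases orig->secctx; destroying both double-frees. */
struct flow *flow_clone_shallow(const struct flow *orig)
{
    struct flow *c = malloc(sizeof(*c));
    if (c)
        memcpy(c, orig, sizeof(*c));
    return c;
}

/* Fixed pattern: every pointer attribute gets its own allocation. */
struct flow *flow_clone_deep(const struct flow *orig)
{
    struct flow *c = calloc(1, sizeof(*c));
    if (!c)
        return NULL;
    c->timeout = orig->timeout;
    if (orig->secctx) {
        size_t n = strlen(orig->secctx) + 1;
        c->secctx = malloc(n);
        if (!c->secctx) {
            free(c);
            return NULL;
        }
        memcpy(c->secctx, orig->secctx, n);
    }
    return c;
}

/* Returns 1 when equal; never dereferences a NULL secctx. */
int flow_cmp(const struct flow *a, const struct flow *b)
{
    if (a->timeout != b->timeout)
        return 0;
    if (!a->secctx || !b->secctx)
        return a->secctx == b->secctx;
    return strcmp(a->secctx, b->secctx) == 0;
}

void flow_destroy(struct flow *f)
{
    if (f)
        free(f->secctx);
    free(f);
}
```

Running the deep-clone path under valgrind or AddressSanitizer, destroying both the original and the clone, is the check that catches a regression to the aliasing version.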