On Tue, May 17, 2016 at 06:00:15PM +0200, Carlos Falgueras García wrote:
> If the user allocates a nftnl_udata_buf and then passes the TLV data to
> nftnl_rule_set_data, the pointer stored in rule.user.data is not the beginning of
> the allocated block. In this situation, if it calls to nftnl_rule_free, it tries
> to free this pointer and a segfault is thrown.
>
> Signed-off-by: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
> ---
>  src/rule.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/src/rule.c b/src/rule.c
> index c299548..3f276f8 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -167,7 +167,12 @@ void nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
>  	if (r->user.data != NULL)
>  		xfree(r->user.data);
>
> -	r->user.data = (void *)data;
> +	r->user.data = malloc(data_len);
> +	if (!r->user.data) {
> +		perror("libnftnl: " __FILE__ ": nftnl_rule_set_data()");

We should spot these error messages from the library. The only exception is
when netlink ABI gets broken. So I'm removing this line.

We should add a new version of these setters at some point so we can return
an error (instead of void), so the client may check if the memory allocation
has failed, later.
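Review bot: in the malloc-failure branch of the nftnl_rule_set_data hunk, the only thing the caller can observe is the perror() text on stderr, because the setter still returns void; after the early xfree() r->user.data is left NULL and nothing tells the client that its data was never stored, so a later nftnl_rule_free() or a read of r->user.data operates on a NULL pointer without the client ever having a chance to bail out. Library code should not print diagnostics on behalf of the application; drop the perror() line and instead surface the failure to the caller, either by making this setter (or a new variant of it) return int with -1/errno on allocation failure, or at minimum by documenting that r->user.data must be checked after the call. Also, the visible part of the hunk stops right after the perror() call, before the `data_len` bytes from `data` are copied into the freshly malloc'd buffer; when reviewing the full patch, make sure the copy and any associated length bookkeeping happen only on the success path, since copying into a NULL buffer would turn the reported crash in nftnl_rule_free() into a crash in the setter itself.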