On Fri, Jul 27, 2018 at 12:22:32AM +0200, Phil Sutter wrote:
> Another fix for ebtables-restore: When encountering a non-standard
> target, command_jump() tries to load it and may retrieve an already
> loaded one taken from xtables_targets. Detect this by checking whether
> option_offset field is non-zero (i.e., merge_options() has already been
> called for it) and don't allocate per-target data (which would leak
> memory) or merge options again (which would break rule parsing
> afterwards).
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>
> --- > iptables/xtables-eb.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c > index 644bc63a747c6..06ca5daa20541 100644 > --- a/iptables/xtables-eb.c > +++ b/iptables/xtables-eb.c > @@ -392,6 +392,11 @@ static struct xtables_target *command_jump(struct iptables_command_state *cs, > if (!target) > return NULL; > > + /* avoid allocating data and merging options if target was > + * already loaded (i.e. returned from xtables_targets list) */ > + if (target->option_offset) > + return target;

Hm, I overlook this: command_jump() in iptables/xtables.c doesn't need this, why do we need it here?

> size = XT_ALIGN(sizeof(struct xt_entry_target)) > + target->size; > > -- > 2.18.0 >
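
Review bot: The early return at "if (target->option_offset)" uses a non-zero option_offset as a stand-in for "merge_options() has already run for this target", but the added comment only says "already loaded" and never states that invariant. Spell it out in the comment, and confirm that a target returned from the xtables_targets list cannot still have option_offset == 0, since in that case the code below the check would allocate and merge a second time, which is the leak and parsing breakage the commit message describes. The commit message should also say why this path needs the check when command_jump() in iptables/xtables.c does not, as the reply asks.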