Hi Pablo,

On Mon, Mar 02, 2020 at 08:22:08PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Mar 02, 2020 at 06:53:58PM +0100, Phil Sutter wrote:
> > While fixing for iptables-nft-restore under stress, I managed to hit
> > NULL-pointer deref in flush_cache(). Given that nftnl_*_list_free()
> > functions are not NULL-pointer tolerant, better make sure such are not
> > passed by accident.
>
> Could you explain what sequence is triggering the NULL-pointer
> dereference?

I don't think it is possible to trigger with current upstream code. I
hit it while trying to find a fix for the bug described in patch 1, but
it was different code.

So technically, this is fixing for a problem that doesn't exist. If you
therefore consider this change worthless, I'm absolutely fine with
dropping it. My motivation to submit it was that it makes flush_cache()
behave sane even in odd circumstances.

Cheers, Phil