Trying to recycle an iptables_command_state object by calling first
clear_cs then init_cs callbacks causes invalid data accesses with
ebtables otherwise.
Fixes: fe97f60e5d2a9 ("ebtables-compat: add watchers support")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft-bridge.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 0f85e21861cde..f75a13fbf1120 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -46,6 +46,7 @@ void ebt_cs_clean(struct iptables_command_state *cs)
free(m);
m = nm;
}
+ cs->match_list = NULL;
if (cs->target) {
free(cs->target->t);
--
2.43.0
