User reports that:

1. Call nft_ctx_clear_vars();
2. Call nft_ctx_free().

because nft_ctx_clear_vars() is called from nft_ctx_free().

results in double free, set ctx->vars to NULL from nft_ctx_clear_vars().

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1772
Fixes: 4e8dff2cb4da ("src: expose nft_ctx_clear_vars as API")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
--- src/libnftables.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libnftables.c b/src/libnftables.c index 7fc81515258d..2ae215013cb0 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -160,6 +160,7 @@ void nft_ctx_clear_vars(struct nft_ctx *ctx) } ctx->num_vars = 0; free(ctx->vars); + ctx->vars = NULL; } EXPORT_SYMBOL(nft_ctx_add_include_path); -- 2.30.2
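Review bot: no regression test accompanies the one-line change after `free(ctx->vars);` in nft_ctx_clear_vars(); the diffstat shows only src/libnftables.c touched. Since the Fixes: tag says this function is exposed as API, a small test that runs the reported sequence (nft_ctx_clear_vars() followed by nft_ctx_free()) and also calls nft_ctx_clear_vars() twice in a row, run under a memory checker, would keep the double free from coming back. With `ctx->num_vars = 0;` and the new `ctx->vars = NULL;`, a repeated call ends in free(NULL), which is a no-op, so the fix itself looks correct. It would also help to say in the commit message or the API documentation that repeated calls are now safe.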