Leaving the invalid pointer value in place will cause a double-free when users call nft_ctx_clear_vars() first, then nft_ctx_free(). Moreover, nft_ctx_add_var() passes the pointer to mrealloc() and thus assumes it to be either NULL or valid. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1772 Fixes: 9edaa6a51eab4 ("src: add --define key=value") Signed-off-by: Phil Sutter <phil@xxxxxx> --- src/libnftables.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libnftables.c b/src/libnftables.c index 7fc81515258d1..2ae215013cb0a 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -160,6 +160,7 @@ void nft_ctx_clear_vars(struct nft_ctx *ctx) } ctx->num_vars = 0; free(ctx->vars); + ctx->vars = NULL; } EXPORT_SYMBOL(nft_ctx_add_include_path); -- 2.43.0
