Accepting request 264334 from home:chorler:branches:security:netfilter

I'm experimenting with conntrack / conntrackd, when running nfct I got a segfault. The segfault is fixed by moving the first free: GDB shows the segfault on free of the pointer 0x45454545... Valgrind shows me this: ==5278== Invalid read of size 8 ==5278== at 0x523E970: nfct_helper_free (libnetfilter_cthelper.c:118) ==5278== by 0x403361: nfct_cmd_helper_add (helper.c:249) ==5278== by 0x401EB0: main (nfct.c:77) ==5278== Address 0x59f4618 is 40 bytes inside a block of size 80 free'd ==5278== at 0x4C28ADC: free (vg_replace_malloc.c:446) ==5278== by 0x523E96F: nfct_helper_free (libnetfilter_cthelper.c:116) ==5278== by 0x403361: nfct_cmd_helper_add (helper.c:249) ==5278== by 0x401EB0: main (nfct.c:77) OBS-URL: https://build.opensuse.org/request/show/264334 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/libnetfilter_cthelper?expand=0&rev=20
2014-12-08 17:16:34 +00:00 · 2014-12-08 17:16:34 +00:00 · d2915c3e86
commit d2915c3e86
parent d0cd95a222
3 changed files with 22 additions and 0 deletions
--- a/fix_h_expect_policy_free.patch
+++ b/fix_h_expect_policy_free.patch
@ -0,0 +1,15 @@
+--- libnetfilter_cthelper-1.0.0.orig/src/libnetfilter_cthelper.c	2012-06-05 17:59:28.810356258 +0100
+++ libnetfilter_cthelper-1.0.0/src/libnetfilter_cthelper.c	2014-12-07 19:52:55.769975500 +0000
+@@ -113,11 +113,11 @@
+ {
+ 	int i;
+ 
+-	free(h);
+ 	for (i=0; i<NF_CT_HELPER_CLASS_MAX; i++) {
+ 		if (h->expect_policy[i])
+ 			free(h->expect_policy[i]);
+ 	}
+	free(h);
+ }
+ EXPORT_SYMBOL(nfct_helper_free);
+ 
--- a/libnetfilter_cthelper.changes
+++ b/libnetfilter_cthelper.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Sun Dec  7 19:58:44 UTC 2014 - cshorler@googlemail.com
+
+- fix segfault due to free of free'd pointer 
+
 -------------------------------------------------------------------
 Tue Sep 23 15:43:40 UTC 2014 - jengelh@inai.de

--- a/libnetfilter_cthelper.spec
+++ b/libnetfilter_cthelper.spec
@ -31,6 +31,7 @@ Source:         http://netfilter.org/projects/libnetfilter_cthelper/files/%name-
 Source2:        http://netfilter.org/projects/libnetfilter_cthelper/files/%name-%version.tar.bz2.sig
 Source3:        baselibs.conf
 Source4:        %name.keyring
+Patch0:         fix_h_expect_policy_free.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #BuildRequires:  autoconf
 #BuildRequires:  automake >= 1.6
@ -61,6 +62,7 @@ Netfilter userspace helper infrastructure.

 %prep
 %setup -q
+%patch0 -p1

 %build
 if [ ! -e configure ]; then