I'm experimenting with conntrack / conntrackd, when running nfct I got a segfault.

The segfault is fixed by moving the first free:

GDB shows the segfault on free of the pointer 0x45454545...

Valgrind shows me this:

==5278== Invalid read of size 8
==5278==    at 0x523E970: nfct_helper_free (libnetfilter_cthelper.c:118)
==5278==    by 0x403361: nfct_cmd_helper_add (helper.c:249)
==5278==    by 0x401EB0: main (nfct.c:77)
==5278==  Address 0x59f4618 is 40 bytes inside a block of size 80 free'd
==5278==    at 0x4C28ADC: free (vg_replace_malloc.c:446)
==5278==    by 0x523E96F: nfct_helper_free (libnetfilter_cthelper.c:116)
==5278==    by 0x403361: nfct_cmd_helper_add (helper.c:249)
==5278==    by 0x401EB0: main (nfct.c:77)

OBS-URL: https://build.opensuse.org/request/show/264334
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/libnetfilter_cthelper?expand=0&rev=20
16 lines
402 B
Diff
--- libnetfilter_cthelper-1.0.0.orig/src/libnetfilter_cthelper.c 2012-06-05 17:59:28.810356258 +0100
|
|
+++ libnetfilter_cthelper-1.0.0/src/libnetfilter_cthelper.c 2014-12-07 19:52:55.769975500 +0000
|
|
@@ -113,11 +113,11 @@
|
|
{
|
|
int i;
|
|
|
|
- free(h);
|
|
for (i=0; i<NF_CT_HELPER_CLASS_MAX; i++) {
|
|
if (h->expect_policy[i])
|
|
free(h->expect_policy[i]);
|
|
}
|
|
+ free(h);
|
|
}
|
|
EXPORT_SYMBOL(nfct_helper_free);
|
|
|
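Review bot: nfct_helper_free still dereferences h in the loop (h->expect_policy[i]) without checking it for NULL, so unlike free() itself the function crashes when handed a NULL helper. Consider an early "if (h == NULL) return;" at the top, or document that callers must pass a valid pointer. Moving free(h) after the loop is the right order, since the old code read h->expect_policy[i] from memory that had already been released, which matches the Valgrind "Invalid read ... inside a block of size 80 free'd" report. As a style point, the "if (h->expect_policy[i])" guard is redundant because free(NULL) is a no-op, so the loop body can be the single free() call.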