From 1490609a3d82e494168a390b34094bacc5e83c02 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 18 May 2021 18:06:50 +0200
Subject: [PATCH] monitor: Fix for use after free when printing map elements
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1919203
Upstream Status: nftables commit 02174ffad484d
commit 02174ffad484d9711678e5d415c32307efc39857
Author: Phil Sutter <phil@nwl.cc>
Date: Thu Jan 9 17:43:11 2020 +0100
monitor: Fix for use after free when printing map elements
When populating the dummy set, 'data' field must be cloned just like
'key' field.
Fixes: 343a51702656a ("src: store expr, not dtype to track data in sets")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/monitor.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/monitor.c b/src/monitor.c
index 7927b6f..142cc92 100644
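--- a/src/monitor.c
+++ b/src/monitor.c
@@ -401,7 +401,8 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
 */
 dummyset = set_alloc(monh->loc);
 dummyset->key = expr_clone(set->key);
- dummyset->data = set->data;
+ if (set->data)
+ dummyset->data = expr_clone(set->data);
 dummyset->flags = set->flags;
 dummyset->init = set_expr_alloc(monh->loc, set);
 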
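Review bot: The new `if (set->data)` guard leaves `dummyset->data` unassigned for sets that carry no data expression, so the fix relies on `set_alloc()` handing back a zeroed struct; that is not visible in this hunk and should be confirmed, because a stale non-NULL pointer there would bring back the invalid access this patch removes. A short ownership comment above the two clones would help keep the aliasing from being reintroduced, for example `/* dummyset owns its key and data: clone both, never alias the cached set */`. The body of netlink_events_setelem_cb starts and ends outside the hunk, so the matching release of dummyset and its cloned expressions cannot be checked from here.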
--
2.31.1