Message ID | 1454333565-2108-1-git-send-email-pablo@netfilter.org |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |

Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> payload_match_postprocess() expects a relational with payload of its lhs
> and value on the rhs.
>
> Moreover, payload_match_expand() releases the previous expression so
> valgrind reports a use-after-free when pruning the implicit binop.

Right, my bad. Please push this fix, thanks!

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 7d94f30..ae6abb0 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1229,13 +1229,12 @@ static void binop_postprocess(struct rule_pp_ctx *ctx, struct expr *expr) value->len = payload->len; } - payload_match_postprocess(ctx, expr, payload); - assert(expr->left->ops->type == EXPR_BINOP); - assert(binop->left == payload); expr->left = expr_get(payload); expr_free(binop); + + payload_match_postprocess(ctx, expr, payload); } }
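
Review bot: the relocated payload_match_postprocess(ctx, expr, payload) call at the end of the hunk now runs after expr_free(binop), and the removed assert(binop->left == payload) shows that payload was the child of the binop just freed, so the call is only safe because expr->left = expr_get(payload) takes its own reference first. A short comment above the call stating that dependency would keep a later reorder from reintroducing the use-after-free. The hunk also drops both asserts without a mention in the commit message, and the message describes the call as being made first while the hunk places it last; the message should say the call is made after the implicit binop is pruned.
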
payload_match_postprocess() expects a relational with payload of its lhs and value on the rhs.

Moreover, payload_match_expand() releases the previous expression so valgrind reports a use-after-free when pruning the implicit binop.

Fix this by calling payload_match_postprocess() in first place.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)