From patchwork Sun Mar 19 14:01:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Liping Zhang X-Patchwork-Id: 740693 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3vmMR13WWVz9s03 for ; Mon, 20 Mar 2017 01:49:01 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=163.com header.i=@163.com header.b="QsydKuXQ"; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751782AbdCSOtB (ORCPT ); Sun, 19 Mar 2017 10:49:01 -0400 Received: from m12-11.163.com ([220.181.12.11]:45409 "EHLO m12-11.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751463AbdCSOtA (ORCPT ); Sun, 19 Mar 2017 10:49:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=3Eyz0YVwWGZqigbv4M 576r1w4P+t4pzWrfO64Fa39uE=; b=QsydKuXQUqTlvcUJxsy4W0YaE85KfuJRjZ 0NweQnpzsir8IZgDhjzlpqOSscmbeXVPKR6LHCLquc+onduA+5r9qYs4KxPUzzK7 VYioCCOr2Rg311GqnDHvoAHIavi+g4vNPQlbETUiJzxdwYq5Z9cJphF0YtBbfW+L 0PusS9P3U= Received: from MiWiFi-R2D-srv.localdomain (unknown [180.164.151.144]) by smtp7 (Coremail) with SMTP id C8CowAD3ck04j85YnD7vAA--.20454S2; Sun, 19 Mar 2017 22:01:36 +0800 (CST) From: Liping Zhang To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org, Liping Zhang Subject: [PATCH libnetfilter_cthelper] examples: fix double free in nftc-helper-add Date: Sun, 19 Mar 2017 22:01:10 +0800 Message-Id: <1489932070-57299-1-git-send-email-zlpnobody@163.com> X-Mailer: git-send-email 2.5.5 X-CM-TRANSID: C8CowAD3ck04j85YnD7vAA--.20454S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7AFy7XF4rGw43JFyktrykGrg_yoW8Wr4rpr W2g392grWvqF1rAw4DCw1I9w1jvr4UWF4UWFn5Jr4fCw13Jrnavw4ayF18uF4DWws8try5 J3ZIyry7AF1UCaUanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07js8n5UUUUU= X-Originating-IP: [180.164.151.144] X-CM-SenderInfo: x2os00perg5qqrwthudrp/1tbiVACfl1UL-paj-QAAs0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: Liping Zhang After inputting the following test command, core dump happened: # ./examples/nfct-helper-add test 1 *** Error in `.../libnetfilter_cthelper/examples/.libs/lt-nfct-helper-add': double free or corruption (fasttop): 0x0000000001f3c070 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x77de5)[0x7fd9ebe88de5] /lib64/libc.so.6(+0x8022a)[0x7fd9ebe9122a] /lib64/libc.so.6(cfree+0x4c)[0x7fd9ebe9478c] [...] Because "struct nfct_helper_policy *p" had been freed by nfct_helper_free, so there's no need to invoke nfct_helper_policy_free again, otherwise dobule free error will happen. Signed-off-by: Liping Zhang --- examples/nfct-helper-add.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/nfct-helper-add.c b/examples/nfct-helper-add.c index 6c47626..cb7291e 100644 --- a/examples/nfct-helper-add.c +++ b/examples/nfct-helper-add.c @@ -32,6 +32,7 @@ int main(int argc, char *argv[]) nfct_helper_attr_set_u16(nfct_helper, NFCTH_ATTR_PROTO_L3NUM, AF_INET); nfct_helper_attr_set_u8(nfct_helper, NFCTH_ATTR_PROTO_L4NUM, IPPROTO_TCP); + /* Will be freed by nfct_helper_free. */ p = nfct_helper_policy_alloc(); if (p == NULL) { perror("OOM"); @@ -49,7 +50,6 @@ int main(int argc, char *argv[]) nfct_helper_nlmsg_build_payload(nlh, nfct_helper); nfct_helper_free(nfct_helper); - nfct_helper_policy_free(p); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) {