From c6f43b7d2b946eeaa90638c9de73bc8174692686 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Thu, 28 Mar 2024 09:02:42 -0400
Subject: [PATCH] MT#55283 Fix for crash introduced by 6c03a44c NFTNL_EXPR_TG_INFO actually expects the info data to be heap allocated via malloc(), as it will free() it when the expression is freed via nftnl_expr_free(). No symbol table info available. No symbol table info available. No symbol table info available. No locals. No locals. r = 0x55e087c75130 err = err = args=args@entry=0x7ffc80943460) at ./nftables.c:593 err = nl = 0x55e087c4add0 seq = 1711621092 err = 0x0 nl = seq = err = No locals. Log: rtpengine[269176]: INFO: [crypto] Generating new DTLS certificate rtpengine[269176]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate rtpengine[269176]: free(): invalid pointer rtpengine[269792]: INFO: [crypto] Generating new DTLS certificate rtpengine[269792]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate rtpengine[269792]: free(): invalid pointer rtpengine[270372]: INFO: [crypto] Generating new DTLS certificate rtpengine[270372]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate rtpengine[270372]: free(): invalid pointer rtpengine[2487]: INFO: [crypto] Generating new DTLS certificate rtpengine[2487]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate rtpengine[2487]: free(): invalid pointer Change-Id: Id67a4bb4cd3627d7ea6aed1b9f7d73b80ed676c8
---
 daemon/nftables.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/daemon/nftables.c b/daemon/nftables.c
index d08157424..7c9c1566e 100644
--- a/daemon/nftables.c
+++ b/daemon/nftables.c
@@ -54,9 +54,6 @@ struct add_rule_callbacks {
 const char *base_chain;
 int table;
 bool append;
-
- // intermediate storage area
- struct xt_rtpengine_info rtpe_target_info;
 };
@@ -463,9 +460,12 @@ static const char *rtpe_target_base(struct nftnl_rule *r, struct add_rule_callba
 nftnl_expr_set_str(e, NFTNL_EXPR_TG_NAME, "RTPENGINE");
 nftnl_expr_set_u32(e, NFTNL_EXPR_TG_REV, 0);
- callbacks->rtpe_target_info = (struct xt_rtpengine_info) { .id = callbacks->table };
+ struct xt_rtpengine_info *info = malloc(sizeof(*info));
+ if (!info)
+ return "failed to allocate target info for RTPENGINE";
+ *info = (__typeof__(*info)) { .id = callbacks->table };
- nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, &callbacks->rtpe_target_info, sizeof(callbacks->rtpe_target_info));
+ nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, info, sizeof(*info));
 nftnl_rule_add_expr(r, e);
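Review bot: The ownership hand-off at `nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, info, sizeof(*info));` is not documented in the code, and that missing contract is what let the earlier change pass a pointer into `struct add_rule_callbacks`, ending in `free(): invalid pointer`. I would add a comment directly above the call, e.g. `/* info must be malloc()ed: the expression takes ownership and nftnl_expr_free() will free() it */`, so nobody later frees it here or moves it back to stack or struct storage. The new early return on a failed `malloc()` also leaves `e` behind; whether that leaks depends on how `e` is allocated and released above the hunk, which is not visible here, so it is worth checking that this path releases it (for example with `nftnl_expr_free(e);` before the return). The function body starts and ends outside the hunk.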