Another fix for ebtables-restore: When encountering a non-standard
target, command_jump() tries to load it and may retrieve an already
loaded one taken from xtables_targets. Detect this by checking whether
option_offset field is non-zero (i.e., merge_options() has already been
called for it) and don't allocate per-target data (which would leak
memory) or merge options again (which would break rule parsing
afterwards).

Signed-off-by: Phil Sutter <[email protected]>
---
 iptables/xtables-eb.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 644bc63a747c6..06ca5daa20541 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -392,6 +392,11 @@ static struct xtables_target *command_jump(struct 
iptables_command_state *cs,
        if (!target)
                return NULL;
 
+       /* avoid allocating data and merging options if target was
+        * already loaded (i.e. returned from xtables_targets list) */
+       if (target->option_offset)
+               return target;
+
        size = XT_ALIGN(sizeof(struct xt_entry_target))
                + target->size;
 
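Review bot: The early `return target;` on the `if (target->option_offset)` path skips everything from `size = XT_ALIGN(...)` onward, so a target taken from xtables_targets is handed back with the per-target data left over from the rule that first loaded it. Please confirm that this data is re-initialised, or cannot carry state from the previous rule, before the next rule is parsed. If it can, reset it here instead of returning it untouched. Since `option_offset` is doubling as an "already merged" flag, the in-code comment should also say that merge_options() is what sets it, as the commit message does, and note whether it can remain zero for a target that has already been through this function. In that case the leak and double merge would still occur.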
-- 
2.18.0
