nameif: fix use-after-free in ENABLE_FEATURE_CLEAN_UP code
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
diff --git a/networking/nameif.c b/networking/nameif.c
index 5d7e8f9..9a8846d 100644
--- a/networking/nameif.c
+++ b/networking/nameif.c
@@ -292,12 +292,11 @@
if (ch->mac && memcmp(ch->mac, ifr.ifr_hwaddr.sa_data, ETH_ALEN) != 0)
continue;
/* if we came here, all selectors have matched */
- break;
+ goto found;
}
/* Nothing found for current interface */
- if (!ch)
- continue;
-
+ continue;
+ found:
if (strcmp(ifr.ifr_name, ch->ifname) != 0) {
strcpy(ifr.ifr_newname, ch->ifname);
ioctl_or_perror_and_die(ctl_sk, SIOCSIFNAME, &ifr,
@@ -313,10 +312,14 @@
ch->next->prev = ch->prev;
if (ENABLE_FEATURE_CLEAN_UP)
delete_eth_table(ch);
- }
+ } /* while */
+
if (ENABLE_FEATURE_CLEAN_UP) {
- for (ch = clist; ch; ch = ch->next)
+ ethtable_t *next;
+ for (ch = clist; ch; ch = next) {
+ next = ch->next;
delete_eth_table(ch);
+ }
config_close(parser);
};