From: Michal Privoznik <[email protected]> The iptablesPrivateChainCreate() function is given an array of const strings. This constitutes a promise to the caller that the data is not modified. But inside the data is modified anyway (to cut out some parts of the data). Well, with a help from g_strdup() the promise can be kept.
Signed-off-by: Michal Privoznik <[email protected]> --- src/network/network_iptables.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c index 19dcfc7c8b..d21ce59b70 100644 --- a/src/network/network_iptables.c +++ b/src/network/network_iptables.c @@ -84,7 +84,7 @@ iptablesPrivateChainCreate(virFirewall *fw, { iptablesGlobalChainData *data = opaque; g_autoptr(GHashTable) chains = virHashNew(NULL); - g_autoptr(GHashTable) links = virHashNew(NULL); + g_autoptr(GHashTable) links = virHashNew(g_free); const char *const *line; size_t i; @@ -96,16 +96,18 @@ iptablesPrivateChainCreate(virFirewall *fw, if (virHashUpdateEntry(chains, tmp, (void *)0x1) < 0) return -1; } else if ((tmp = STRSKIP(*line, "-A "))) { /* eg "-A INPUT -j LIBVIRT_INP" */ - char *sep = strchr(tmp, ' '); + const char *sep = strchr(tmp, ' '); if (sep) { - char *target; + const char *target; - *sep = '\0'; if ((target = STRSKIP(sep + 1, "-j "))) { - if (virHashUpdateEntry(links, target, - (char *)tmp) < 0) + char *chain = g_strndup(tmp, sep - tmp); + + if (virHashUpdateEntry(links, target, chain) < 0) { + g_free(chain); return -1; + } } } } -- 2.51.2
