From 892212ee18f0b45b56b19d58a0da55fa119e4a8d Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Tue, 5 Oct 2021 15:16:30 -0700
Subject: linux: null handlep->oneshot_buffer after freeing it.

That avoids double-free crashes on certain errors; see GitHub issue
---
 pcap-linux.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'pcap-linux.c')

diff --git a/pcap-linux.c b/pcap-linux.c
index d8dea580..18c71ea9 100644
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -2684,6 +2684,7 @@ setup_mmapped(pcap_t *handle, int *status)
 	ret = prepare_tpacket_socket(handle);
 	if (ret == -1) {
 		free(handlep->oneshot_buffer);
+		handlep->oneshot_buffer = NULL;
 		*status = PCAP_ERROR;
 		return ret;
 	}
@@ -2694,6 +2695,7 @@ setup_mmapped(pcap_t *handle, int *status)
 		 * fail.  create_ring() has set *status.
 		 */
 		free(handlep->oneshot_buffer);
+		handlep->oneshot_buffer = NULL;
 		return -1;
 	}
 
-- 
cgit v1.2.3