diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-17 18:29:26 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-17 18:29:26 +0100 |
| commit | 6c4ec15505b9fe878ade0b3e7cdbc8f0a26861cd (patch) | |
| tree | aec8f8a5f1cab3a2c5b2b7cee3133d51aab27087 /src/cache.c | |
| parent | 2bbb1655e38646d9a9a6f839d6ca22e4e554d2f2 (diff) | |
| download | conntrack-tools-6c4ec15505b9fe878ade0b3e7cdbc8f0a26861cd.tar.gz conntrack-tools-6c4ec15505b9fe878ade0b3e7cdbc8f0a26861cd.zip | |
conntrackd: use nfct_copy() with override flag in cache_object_new()
Using memcpy() is not safe, it breaks secctx and it may break
more things in the future. Moreover, nfct_size*() functions will
be deprecated soon, they are evil since they open the window
to memcpy().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cache.c')
| -rw-r--r-- | src/cache.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cache.c b/src/cache.c index 74c5c4b..f411121 100644 --- a/src/cache.c +++ b/src/cache.c @@ -193,7 +193,7 @@ struct cache_object *cache_object_new(struct cache *c, struct nf_conntrack *ct) c->stats.add_fail_enomem++; return NULL; } - memcpy(obj->ct, ct, nfct_sizeof(ct)); + nfct_copy(obj->ct, ct, NFCT_CP_OVERRIDE); obj->status = C_OBJ_NONE; c->stats.objects++; |