From 7948b7d754c5e7f3e882e13bc4e99aebe99f3f8d Mon Sep 17 00:00:00 2001
From: Tomofumi Hayashi
Date: Tue, 28 Apr 2015 17:02:03 +0900
Subject: [PATCH] Fix SEGV issue (due to invalid memory alloc case).
---
 miniupnpd/netfilter_nft/nftnlrdr.c | 8 ++++++++
 miniupnpd/netfilter_nft/nftnlrdr_misc.c | 20 +++++++++++++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/miniupnpd/netfilter_nft/nftnlrdr.c b/miniupnpd/netfilter_nft/nftnlrdr.c
index 0faf4d9..71ae9a8 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr.c
@@ -201,6 +201,10 @@ get_peer_rule_by_index(int index,
 printf("get_peer_rule_by_index()\n");
 reflesh_nft_cache(NFPROTO_IPV4);
+ if (peer_cache == NULL) {
+ return -1;
+ }
+
 for (i = 0; peer_cache[i] != NULL; i++) {
 if (index == i) {
 r = peer_cache[i];
@@ -283,6 +287,10 @@ get_redirect_rule_by_index(int index,
 printf("get_redirect_rule_by_index()\n");
 reflesh_nft_cache(NFPROTO_IPV4);
+ if (redirect_cache == NULL) {
+ return -1;
+ }
+
 for (i = 0; redirect_cache[i] != NULL; i++) {
 if (index == i) {
 r = redirect_cache[i];
diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.c b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
index 279b43b..e3c99ec 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
@@ -550,8 +550,15 @@ reflesh_nft_redirect_cache(void)
 int i;
 uint32_t len;
- free(redirect_cache);
+ if (redirect_cache != NULL) {
+ free(redirect_cache);
+ }
 len = rule_list_length - rule_list_peer_length;
+ if (len == 0) {
+ redirect_cache = NULL;
+ return;
+ }
+
 redirect_cache = (rule_t **)malloc(sizeof(rule_t *) * len);
 bzero(redirect_cache, sizeof(rule_t *) * len);
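Review bot: The new `peer_cache == NULL` guard in get_peer_rule_by_index() covers the empty cache, but the scan that follows, `for (i = 0; peer_cache[i] != NULL; i++)`, still has no length bound and stops only at a NULL entry; the same applies to `redirect_cache` in get_redirect_rule_by_index() in the next hunk. The allocations in nftnlrdr_misc.c size each array to exactly the rule count (`sizeof(rule_t *) * rule_list_peer_length`), so if the fill loop, which is outside the visible hunks, populates every slot, there is no terminator and the scan reads past the end of the heap block. Allocating one extra zeroed slot in the two cache builders, for example `calloc((size_t)len + 1, sizeof(rule_t *))`, or bounding the loop by the cached length, would close that. Both function bodies start and end outside their hunks.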
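Review bot: The `malloc` result in reflesh_nft_redirect_cache() is still handed straight to `bzero` with no NULL check, so an allocation failure remains a crash path after the new `len == 0` guard; reflesh_nft_peer_cache() in the following hunk has the same pattern. `len` is a `uint32_t` computed as `rule_list_length - rule_list_peer_length`, so if the peer count ever exceeded the total (the counters' types and invariants are not visible here) the subtraction would wrap to a very large value that the zero test does not catch. I would add `if (redirect_cache == NULL) return;` directly after the `malloc` and reject `rule_list_peer_length > rule_list_length` before subtracting. The `if (redirect_cache != NULL)` wrapper around `free` is not needed, since `free(NULL)` is a no-op. The function body continues outside the hunk.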
@@ -573,7 +580,13 @@ reflesh_nft_peer_cache(void)
 rule_t *p;
 int i;
- free(peer_cache);
+ if (peer_cache != NULL) {
+ free(peer_cache);
+ }
+ if (rule_list_peer_length == 0) {
+ peer_cache = NULL;
+ return;
+ }
 peer_cache = (rule_t **)malloc(
 sizeof(rule_t *) * rule_list_peer_length);
 bzero(peer_cache, sizeof(rule_t *) * rule_list_peer_length);
@@ -599,8 +612,9 @@ reflesh_nft_cache(uint32_t family)
 rule_t *p1, *p2;
 int ret;
- if (rule_list_validate == RULE_CACHE_VALID)
+ if (rule_list_validate == RULE_CACHE_VALID) {
 return;
+ }
 t = NULL;
 p1 = LIST_FIRST(&head);