Index: trunk/wifidog/src/fw_iptables.c
===================================================================
--- trunk/wifidog/src/fw_iptables.c	(revision 458)
+++ trunk/wifidog/src/fw_iptables.c	(revision 467)
@@ -41,4 +41,5 @@
 #include "common.h"
 
+#include "safe.h"
 #include "conf.h"
 #include "fw_iptables.h"
@@ -69,11 +70,15 @@
 
     va_start(vlist, format);
-    vasprintf(&fmt_cmd, format, vlist);
-    asprintf(&cmd, "iptables %s", fmt_cmd);
+    safe_vasprintf(&fmt_cmd, format, vlist);
+	 va_end(vlist);
+
+    safe_asprintf(&cmd, "iptables %s", fmt_cmd);
+
+    free(fmt_cmd);
+
     debug(LOG_DEBUG, "Executing command: %s", cmd);
 	
     rc = execute(cmd, fw_quiet);
 
-    free(fmt_cmd);
     free(cmd);
 
@@ -97,7 +102,7 @@
     
     if (rule->block_allow == 1) {
-        mode = strdup("ACCEPT");
+        mode = safe_strdup("ACCEPT");
     } else {
-        mode = strdup("REJECT");
+        mode = safe_strdup("REJECT");
     }
     
@@ -122,5 +127,5 @@
     /* XXX The buffer command, an automatic variable, will get cleaned
      * off of the stack when we return, so we strdup() it. */
-    return(strdup(command));
+    return(safe_strdup(command));
 }
 
@@ -189,5 +194,5 @@
     config = config_get_config();
 	 LOCK_CONFIG();
-	 gw_interface = strdup(config->gw_interface);
+	 gw_interface = safe_strdup(config->gw_interface);
 	 gw_port = config->gw_port;
 	 UNLOCK_CONFIG();
@@ -343,5 +348,5 @@
 	int deleted = 0;
 
-	asprintf(&command, "iptables -t %s -L %s -n --line-numbers -v", table, chain);
+	safe_asprintf(&command, "iptables -t %s -L %s -n --line-numbers -v", table, chain);
 
 	if ((p = popen(command, "r"))) {
@@ -356,5 +361,5 @@
 				if (sscanf(line, "%9[0-9]", rulenum) == 1) {
 					/* Delete the rule: */
-					asprintf(&command2, "-t %s -D %s %s", table, chain, rulenum);
+					safe_asprintf(&command2, "-t %s -D %s %s", table, chain, rulenum);
 					iptables_do_command(command2);
 					free(command2);
@@ -416,10 +421,11 @@
 
     /* Look for outgoing traffic */
-    asprintf(&script, "%s %s", "iptables", "-v -n -x -t mangle -L " TABLE_WIFIDOG_OUTGOING);
-    if (!(output = popen(script, "r"))) {
+    safe_asprintf(&script, "%s %s", "iptables", "-v -n -x -t mangle -L " TABLE_WIFIDOG_OUTGOING);
+    output = popen(script, "r");
+    free(script);
+    if (!output) {
         debug(LOG_ERR, "popen(): %s", strerror(errno));
         return -1;
     }
-    free(script);
 
     /* skip the first two lines */
@@ -453,10 +459,11 @@
 
     /* Look for incoming traffic */
-    asprintf(&script, "%s %s", "iptables", "-v -n -x -t mangle -L " TABLE_WIFIDOG_INCOMING);
-    if (!(output = popen(script, "r"))) {
+    safe_asprintf(&script, "%s %s", "iptables", "-v -n -x -t mangle -L " TABLE_WIFIDOG_INCOMING);
+    output = popen(script, "r");
+    free(script);
+    if (!output) {
         debug(LOG_ERR, "popen(): %s", strerror(errno));
         return -1;
     }
-    free(script);
 
     /* skip the first two lines */