stv0g/libnl
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

xfrm: fix potential NULL dereference

Browse source 
If xfrmnl_sel_alloc() returns NULL, the daddr and saddr members are
still accessed, leading to a potential NULL dereference. The same is the
case for xfrmnl_user_tmpl_alloc(). Fix this by returning NULL right away
if allocation fails.

http://lists.infradead.org/pipermail/libnl/2015-May/001874.html

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This commit is contained in:
Tobias Klauser 2015-05-11 14:49:01 +02:00 committed by Thomas Haller
parent a214e75457
commit 4e115113c9
2 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/xfrm/selector.c
View file

@ -97,9 +97,10 @@ struct xfrmnl_sel* xfrmnl_sel_clone(struct xfrmnl_sel* sel)
struct xfrmnl_sel* new;
new = xfrmnl_sel_alloc();
if (new)
memcpy ((void*)new, (void*)sel, sizeof (struct xfrmnl_sel));
if (!new)
return NULL;
memcpy(new, sel, sizeof(struct xfrmnl_sel));
new->daddr = nl_addr_clone(sel->daddr);
new->saddr = nl_addr_clone(sel->saddr);

5
lib/xfrm/template.c
View file

@ -91,9 +91,10 @@ struct xfrmnl_user_tmpl* xfrmnl_user_tmpl_clone(struct xfrmnl_user_tmpl* utmpl)
struct xfrmnl_user_tmpl* new;
new = xfrmnl_user_tmpl_alloc();
if (new)
memcpy ((void*)new, (void*)utmpl, sizeof (struct xfrmnl_user_tmpl));
if (!new)
return NULL;
memcpy(new, utmpl, sizeof(struct xfrmnl_user_tmpl));
new->id.daddr = nl_addr_clone (utmpl->id.daddr);
new->saddr = nl_addr_clone (utmpl->saddr);