[PATCH] xfrm: Fix potential NULL dereference

Tobias Klauser tklauser at distanz.ch
Mon May 11 05:49:01 PDT 2015


If xfrmnl_sel_alloc() returns NULL, the daddr and saddr members are
still accessed, leading to a potential NULL dereference. The same is the
case for xfrmnl_user_tmpl_alloc(). Fix this by returning NULL right away
if allocation fails.

Signed-off-by: Tobias Klauser <tklauser at distanz.ch>
---
 lib/xfrm/selector.c | 5 +++--
 lib/xfrm/template.c | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/xfrm/selector.c b/lib/xfrm/selector.c
index 17e5101..d52d8df 100644
--- a/lib/xfrm/selector.c
+++ b/lib/xfrm/selector.c
@@ -97,9 +97,10 @@ struct xfrmnl_sel* xfrmnl_sel_clone(struct xfrmnl_sel* sel)
 	struct xfrmnl_sel* new;
 
 	new = xfrmnl_sel_alloc();
-	if (new)
-		memcpy ((void*)new, (void*)sel, sizeof (struct xfrmnl_sel));
+	if (!new)
+		return NULL;
 
+	memcpy(new, sel, sizeof(struct xfrmnl_sel));
 	new->daddr = nl_addr_clone(sel->daddr);
 	new->saddr = nl_addr_clone(sel->saddr);
 
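Review bot: The two `nl_addr_clone()` results assigned to `new->daddr` and `new->saddr` are used unchecked in the lines shown, so an allocation failure there would hand back a clone whose address is silently NULL instead of failing the clone. If the rest of `xfrmnl_sel_clone()`, which continues outside this hunk, does not already handle it, a guard such as `if ((sel->daddr && !new->daddr) || (sel->saddr && !new->saddr))` followed by releasing `new` and returning NULL would keep the failure visible to the caller. It is also worth confirming that `nl_addr_clone()` accepts a NULL source, since `sel->daddr` and `sel->saddr` are passed to it without a check. The same applies to the `id.daddr` and `saddr` clones in the `xfrmnl_user_tmpl_clone()` hunk in lib/xfrm/template.c.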
diff --git a/lib/xfrm/template.c b/lib/xfrm/template.c
index 5d6d8c9..fdfa4c2 100644
--- a/lib/xfrm/template.c
+++ b/lib/xfrm/template.c
@@ -91,9 +91,10 @@ struct xfrmnl_user_tmpl* xfrmnl_user_tmpl_clone(struct xfrmnl_user_tmpl* utmpl)
 	struct xfrmnl_user_tmpl* new;
 
 	new = xfrmnl_user_tmpl_alloc();
-	if (new)
-		memcpy ((void*)new, (void*)utmpl, sizeof (struct xfrmnl_user_tmpl));
+	if (!new)
+		return NULL;
 
+	memcpy(new, utmpl, sizeof(struct xfrmnl_user_tmpl));
 	new->id.daddr = nl_addr_clone (utmpl->id.daddr);
 	new->saddr    = nl_addr_clone (utmpl->saddr);
 
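Review bot: The `memcpy()` over the whole `struct xfrmnl_user_tmpl` is a shallow copy that overwrites everything `xfrmnl_user_tmpl_alloc()` set up, which deserves a comment and a check. Only `id.daddr` and `saddr` are re-cloned in the visible lines; if the struct carries any other pointer or a reference count (its definition is not shown here), the clone would share or inherit it from `utmpl`, risking a double release or a leaked object later. A comment like `/* shallow copy: owned pointers are re-cloned below */`, plus re-initialising any per-object bookkeeping after the copy, would make the ownership explicit. The same holds for the `memcpy()` in the `xfrmnl_sel_clone()` hunk; both functions continue outside their hunks.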
-- 
2.2.2




