From 3f4e13d60ddbb61bc3256221a98f5c5a954f6f5c Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 15 Mar 2019 17:51:28 +0100 Subject: [PATCH] libxtables: Avoid calling memcpy() with NULL source Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980 Upstream Status: iptables commit ab639f236ff85 commit ab639f236ff85d2f447cc6601c7ff42cefdaf853 Author: Phil Sutter Date: Wed Sep 19 15:16:54 2018 +0200 libxtables: Avoid calling memcpy() with NULL source Both affected functions check if 'oldopts' is NULL once but later seem to ignore that possibility. To catch up on that, increment the pointer only if it isn't NULL, also don't copy its content into the merged options buffer in that case. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal Signed-off-by: Phil Sutter --- libxtables/xtables.c | 12 ++++++++---- libxtables/xtoptions.c | 12 ++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 4a014e48a9f45..cf9a59d5ec095 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -119,8 +119,10 @@ struct option *xtables_merge_options(struct option *orig_opts, * Since @oldopts also has @orig_opts already (and does so at the * start), skip these entries. */ - oldopts += num_oold; - num_old -= num_oold; + if (oldopts != NULL) { + oldopts += num_oold; + num_old -= num_oold; + } merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1)); if (merge == NULL) @@ -139,8 +141,10 @@ struct option *xtables_merge_options(struct option *orig_opts, mp->val += *option_offset; /* Third, the old options */ - memcpy(mp, oldopts, sizeof(*mp) * num_old); - mp += num_old; + if (oldopts != NULL) { + memcpy(mp, oldopts, sizeof(*mp) * num_old); + mp += num_old; + } xtables_free_opts(0); /* Clear trailing entry */ diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c index 1ad4cb57f5836..1d3fda73dedf7 100644 --- a/libxtables/xtoptions.c +++ b/libxtables/xtoptions.c @@ -91,8 +91,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts, * Since @oldopts also has @orig_opts already (and does so at the * start), skip these entries. */ - oldopts += num_orig; - num_old -= num_orig; + if (oldopts != NULL) { + oldopts += num_orig; + num_old -= num_orig; + } merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1)); if (merge == NULL) @@ -114,8 +116,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts, } /* Third, the old options */ - memcpy(mp, oldopts, sizeof(*mp) * num_old); - mp += num_old; + if (oldopts != NULL) { + memcpy(mp, oldopts, sizeof(*mp) * num_old); + mp += num_old; + } xtables_free_opts(0); /* Clear trailing entry */ -- 2.21.0