You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 lines
2.8 KiB
91 lines
2.8 KiB
From 3f4e13d60ddbb61bc3256221a98f5c5a954f6f5c Mon Sep 17 00:00:00 2001 |
|
From: Phil Sutter <psutter@redhat.com> |
|
Date: Fri, 15 Mar 2019 17:51:28 +0100 |
|
Subject: [PATCH] libxtables: Avoid calling memcpy() with NULL source |
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980 |
|
Upstream Status: iptables commit ab639f236ff85 |
|
|
|
commit ab639f236ff85d2f447cc6601c7ff42cefdaf853 |
|
Author: Phil Sutter <phil@nwl.cc> |
|
Date: Wed Sep 19 15:16:54 2018 +0200 |
|
|
|
libxtables: Avoid calling memcpy() with NULL source |
|
|
|
Both affected functions check if 'oldopts' is NULL once but later seem |
|
to ignore that possibility. To catch up on that, increment the pointer |
|
only if it isn't NULL, also don't copy its content into the merged |
|
options buffer in that case. |
|
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc> |
|
Signed-off-by: Florian Westphal <fw@strlen.de> |
|
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com> |
|
--- |
|
libxtables/xtables.c | 12 ++++++++---- |
|
libxtables/xtoptions.c | 12 ++++++++---- |
|
2 files changed, 16 insertions(+), 8 deletions(-) |
|
|
|
diff --git a/libxtables/xtables.c b/libxtables/xtables.c |
|
index 4a014e48a9f45..cf9a59d5ec095 100644 |
|
--- a/libxtables/xtables.c |
|
+++ b/libxtables/xtables.c |
|
@@ -119,8 +119,10 @@ struct option *xtables_merge_options(struct option *orig_opts, |
|
* Since @oldopts also has @orig_opts already (and does so at the |
|
* start), skip these entries. |
|
*/ |
|
- oldopts += num_oold; |
|
- num_old -= num_oold; |
|
+ if (oldopts != NULL) { |
|
+ oldopts += num_oold; |
|
+ num_old -= num_oold; |
|
+ } |
|
|
|
merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1)); |
|
if (merge == NULL) |
|
@@ -139,8 +141,10 @@ struct option *xtables_merge_options(struct option *orig_opts, |
|
mp->val += *option_offset; |
|
|
|
/* Third, the old options */ |
|
- memcpy(mp, oldopts, sizeof(*mp) * num_old); |
|
- mp += num_old; |
|
+ if (oldopts != NULL) { |
|
+ memcpy(mp, oldopts, sizeof(*mp) * num_old); |
|
+ mp += num_old; |
|
+ } |
|
xtables_free_opts(0); |
|
|
|
/* Clear trailing entry */ |
|
diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c |
|
index 1ad4cb57f5836..1d3fda73dedf7 100644 |
|
--- a/libxtables/xtoptions.c |
|
+++ b/libxtables/xtoptions.c |
|
@@ -91,8 +91,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts, |
|
* Since @oldopts also has @orig_opts already (and does so at the |
|
* start), skip these entries. |
|
*/ |
|
- oldopts += num_orig; |
|
- num_old -= num_orig; |
|
+ if (oldopts != NULL) { |
|
+ oldopts += num_orig; |
|
+ num_old -= num_orig; |
|
+ } |
|
|
|
merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1)); |
|
if (merge == NULL) |
|
@@ -114,8 +116,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts, |
|
} |
|
|
|
/* Third, the old options */ |
|
- memcpy(mp, oldopts, sizeof(*mp) * num_old); |
|
- mp += num_old; |
|
+ if (oldopts != NULL) { |
|
+ memcpy(mp, oldopts, sizeof(*mp) * num_old); |
|
+ mp += num_old; |
|
+ } |
|
xtables_free_opts(0); |
|
|
|
/* Clear trailing entry */ |
|
-- |
|
2.21.0 |
|
|
|
|