conntrack: labels: labelmap_new: make sure errno is 0 when no labels are found

nfct_labelmap_new returns NULL on failure, e.g. when file cannot be opened. It will also fail if no labels have been parsed, and in this case, content of errno is random. Avoid it by making sure that errno is re-set when no labels were found. While at it, also change ptr test when parsing so reviewers don't need to triple check that this cannot result in out-of-bounds read. Reported-by: Afschin Hormozdiary <Afschin.Hormozdiary@sophos.com> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2013-07-11 22:41:20 +0200
committer: Florian Westphal <fw@strlen.de> 2013-07-11 22:47:18 +0200
commit: 05296fdd86e92722ee667e87c33156bd8bea33f0 (patch)
tree: 7e110e336fa840fabaa2b30072f704490ee1206a
parent: 6c2daa7dbb5834776c024783fbc9032298ef45a4 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/conntrack/labels.c b/src/conntrack/labels.c
index 7dfb780..1bf2b31 100644
--- a/src/conntrack/labels.c
+++ b/src/conntrack/labels.c
@@ -110,7 +110,7 @@ static char *trim_label(char *label)
 		end = strchr(label, '\0');
 	end--;
 
-	while (is_space_posix(*end) && end > label) {
+	while (end > label && is_space_posix(*end)) {
 		*end = 0;
 		end--;
 	}
@@ -262,6 +262,8 @@ struct nfct_labelmap *__labelmap_new(const char *name)
 			goto err;
 		make_name_table(map);
 		return map;
+	} else {
+		errno = 0;
 	}
  err:
 	__labelmap_destroy(map);
author	Florian Westphal <fw@strlen.de>	2013-07-11 22:41:20 +0200
committer	Florian Westphal <fw@strlen.de>	2013-07-11 22:47:18 +0200
commit	05296fdd86e92722ee667e87c33156bd8bea33f0 (patch)
tree	7e110e336fa840fabaa2b30072f704490ee1206a
parent	6c2daa7dbb5834776c024783fbc9032298ef45a4 (diff)