summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2020-01-20 16:32:40 +0100
committerPhil Sutter <phil@nwl.cc>2020-01-22 09:01:01 +0100
commitc9ddf0bff363fc9101b563b592db600bdf4d65c5 (patch)
treef996aef62b559c8e480593b2b48e5976f38fa793
parente957bd9f10d5e36671a0b0398e2037fc6201275b (diff)
netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt()HEADmaster
With payload_needs_l4csum_update_pseudohdr() unconditionally dereferencing passed 'desc' parameter and a previous check for it to be non-NULL, make sure to call the function only if input is sane. Fixes: 68de70f2b3fc6 ("netlink_linearize: fix IPv6 layer 4 checksum mangling") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/netlink_linearize.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 498326d0..cb1b7fe1 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -941,7 +941,7 @@ static void netlink_gen_payload_stmt(struct netlink_linearize_ctx *ctx,
nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_CSUM_OFFSET,
csum_off / BITS_PER_BYTE);
}
- if (expr->payload.base == PROTO_BASE_NETWORK_HDR &&
+ if (expr->payload.base == PROTO_BASE_NETWORK_HDR && desc &&
payload_needs_l4csum_update_pseudohdr(expr, desc))
nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_FLAGS,
NFT_PAYLOAD_L4CSUM_PSEUDOHDR);