From e33b971f35cbfc3634dba9690537bbfb8baeac87 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Mon, 21 Oct 2019 16:29:03 +0200
Subject: tproxy: Add missing error checking when parsing from netlink
netlink_get_register() may return NULL and every other caller checks that. Assuming this situation is not expected, just jump to 'err' label without queueing an explicit error message.
Fixes: 2be1d52644cf7 ("src: Add tproxy support")
Signed-off-by: Phil Sutter
Acked-by: Pablo Neira Ayuso
---
 src/netlink_delinearize.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index f7d328a8..154353b8 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1041,6 +1041,8 @@ static void netlink_parse_tproxy(struct netlink_parse_ctx *ctx,
 reg = netlink_parse_register(nle, NFTNL_EXPR_TPROXY_REG_ADDR);
 if (reg) {
 addr = netlink_get_register(ctx, loc, reg);
+ if (addr == NULL)
+ goto err;
 switch (stmt->tproxy.family) {
 case NFPROTO_IPV4:
@@ -1060,6 +1062,8 @@ static void netlink_parse_tproxy(struct netlink_parse_ctx *ctx,
 reg = netlink_parse_register(nle, NFTNL_EXPR_TPROXY_REG_PORT);
 if (reg) {
 port = netlink_get_register(ctx, loc, reg);
+ if (port == NULL)
+ goto err;
 expr_set_type(port, &inet_service_type, BYTEORDER_BIG_ENDIAN);
 stmt->tproxy.port = port;
 }
-- 
cgit v1.2.3
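Review bot: The new `addr == NULL` branch, like the matching `port == NULL` branch in the second hunk, jumps to `err` without recording a reason, so a tproxy expression that names an empty register appears to be discarded with no diagnostic. Anyone auditing the listed ruleset against what the kernel enforces would then get no hint that a statement failed to parse. I would brace the branch and queue a message before the jump, for example `netlink_error(ctx, loc, "tproxy: address register holds no expression");` (wording constructed here), with a port-specific text in the second hunk. The `err` label and the rest of netlink_parse_tproxy() lie outside both hunks, so what `err` itself reports is assumed rather than seen.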
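Review bot: When `port == NULL` is reached after the address block has run, `stmt->tproxy.addr` already holds the expression stored by the first block, and the added `goto err;` relies on the `err` label to release it. That label is outside the hunk; if it frees only `stmt` itself, and assuming netlink_get_register() hands back an expression the caller owns, this path leaks the address expression whenever a dump carries a usable address register but an empty port register. Either confirm that `err` tears down the statement's sub-expressions, or add `expr_free(stmt->tproxy.addr);` ahead of the jump in this branch.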