summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-09-19 15:16:54 +0200
committerFlorian Westphal <fw@strlen.de>2018-09-24 11:24:07 +0200
commitab639f236ff85d2f447cc6601c7ff42cefdaf853 (patch)
treeb23ee42ed99ecdadd5c329b311c0de06f3a17289
parent22ef371abeeec789bb6a701352dcb961556595c2 (diff)
libxtables: Avoid calling memcpy() with NULL source
Both affected functions check if 'oldopts' is NULL once but later seem to ignore that possibility. To catch up on that, increment the pointer only if it isn't NULL, also don't copy its content into the merged options buffer in that case. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--libxtables/xtables.c12
-rw-r--r--libxtables/xtoptions.c12
2 files changed, 16 insertions, 8 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index f3966f15..1b8e4b07 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -119,8 +119,10 @@ struct option *xtables_merge_options(struct option *orig_opts,
* Since @oldopts also has @orig_opts already (and does so at the
* start), skip these entries.
*/
- oldopts += num_oold;
- num_old -= num_oold;
+ if (oldopts != NULL) {
+ oldopts += num_oold;
+ num_old -= num_oold;
+ }
merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1));
if (merge == NULL)
@@ -139,8 +141,10 @@ struct option *xtables_merge_options(struct option *orig_opts,
mp->val += *option_offset;
/* Third, the old options */
- memcpy(mp, oldopts, sizeof(*mp) * num_old);
- mp += num_old;
+ if (oldopts != NULL) {
+ memcpy(mp, oldopts, sizeof(*mp) * num_old);
+ mp += num_old;
+ }
xtables_free_opts(0);
/* Clear trailing entry */
diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c
index 326febd5..05887a05 100644
--- a/libxtables/xtoptions.c
+++ b/libxtables/xtoptions.c
@@ -91,8 +91,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
* Since @oldopts also has @orig_opts already (and does so at the
* start), skip these entries.
*/
- oldopts += num_orig;
- num_old -= num_orig;
+ if (oldopts != NULL) {
+ oldopts += num_orig;
+ num_old -= num_orig;
+ }
merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1));
if (merge == NULL)
@@ -114,8 +116,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
}
/* Third, the old options */
- memcpy(mp, oldopts, sizeof(*mp) * num_old);
- mp += num_old;
+ if (oldopts != NULL) {
+ memcpy(mp, oldopts, sizeof(*mp) * num_old);
+ mp += num_old;
+ }
xtables_free_opts(0);
/* Clear trailing entry */