From 05296fdd86e92722ee667e87c33156bd8bea33f0 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Thu, 11 Jul 2013 22:41:20 +0200
Subject: conntrack: labels: labelmap_new: make sure errno is 0 when no labels
 are found

nfct_labelmap_new returns NULL on failure, e.g. when file cannot be
opened.  It will also fail if no labels have been parsed, and in this
case, content of errno is random.

Avoid it by making sure that errno is re-set when no labels were found.

While at it, also change ptr test when parsing so reviewers don't
need to triple check that this cannot result in out-of-bounds read.

Reported-by: Afschin Hormozdiary <Afschin.Hormozdiary@sophos.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/conntrack/labels.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/conntrack/labels.c b/src/conntrack/labels.c
index 7dfb780..1bf2b31 100644
--- a/src/conntrack/labels.c
+++ b/src/conntrack/labels.c
@@ -110,7 +110,7 @@ static char *trim_label(char *label)
 		end = strchr(label, '\0');
 	end--;
 
-	while (is_space_posix(*end) && end > label) {
+	while (end > label && is_space_posix(*end)) {
 		*end = 0;
 		end--;
 	}
@@ -262,6 +262,8 @@ struct nfct_labelmap *__labelmap_new(const char *name)
 			goto err;
 		make_name_table(map);
 		return map;
+	} else {
+		errno = 0;
 	}
  err:
 	__labelmap_destroy(map);
-- 
cgit v1.2.3