author | Phil Oester <kernel@linuxace.com> | 2013-10-25 09:55:31 -0700 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-27 21:31:44 +0100 |
commit | fe59236952e037029c484b3f2ee75c658df90a9c (patch) | |
tree | e9cb5938508d98c73c8cd967a2f1a2748e7eef42 | |
parent | 032b73d499d76bf16a62f818373385dcc01f42fd (diff) |
src: fix possible null pointer dereference in nft_*_attr_get_*
As reported by John Sager, nft_set_attr_get_u32 can cause a
segfault because nft_set_attr_get can return NULL. Check for
a non-NULL pointer before dereferencing.
This closes netfilter bugzilla #868.
[ I have mangled this patch to solve possible null pointer
dereference with get operations with rule objects --pablo ]
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/rule.c | 12 | ||||
-rw-r--r-- | src/set.c | 4 |
2 files changed, 8 insertions, 8 deletions
@@ -201,22 +201,22 @@ EXPORT_SYMBOL(nft_rule_attr_get_str);
 uint32_t nft_rule_attr_get_u32(const struct nft_rule *r, uint16_t attr)
 {
- uint32_t val = *((uint32_t *)nft_rule_attr_get(r, attr));
- return val;
+ const uint32_t *val = nft_rule_attr_get(r, attr);
+ return val ? *val : 0;
 }
 EXPORT_SYMBOL(nft_rule_attr_get_u32);
 uint64_t nft_rule_attr_get_u64(const struct nft_rule *r, uint16_t attr)
 {
- uint64_t val = *((uint64_t *)nft_rule_attr_get(r, attr));
- return val;
+ const uint64_t *val = nft_rule_attr_get(r, attr);
+ return val ? *val : 0;
 }
 EXPORT_SYMBOL(nft_rule_attr_get_u64);
 uint8_t nft_rule_attr_get_u8(const struct nft_rule *r, uint16_t attr)
 {
- uint8_t val = *((uint8_t *)nft_rule_attr_get(r, attr));
- return val;
+ const uint8_t *val = nft_rule_attr_get(r, attr);
+ return val ? *val : 0;
 }
 EXPORT_SYMBOL(nft_rule_attr_get_u8);
@@ -183,8 +183,8 @@ EXPORT_SYMBOL(nft_set_attr_get_str);
 uint32_t nft_set_attr_get_u32(struct nft_set *s, uint16_t attr)
 {
- uint32_t val = *((uint32_t *)nft_set_attr_get(s, attr));
- return val;
+ const uint32_t *val = nft_set_attr_get(s, attr);
+ return val ? *val : 0;
 }
 EXPORT_SYMBOL(nft_set_attr_get_u32); |
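Review bot: The new fallback `return val ? *val : 0;` in nft_rule_attr_get_u32 makes an unset attribute indistinguishable from one stored as zero, and nothing in the hunk documents that. The same applies to nft_rule_attr_get_u64 and nft_rule_attr_get_u8 in this hunk, and to nft_set_attr_get_u32 in the src/set.c hunk. A caller that acts on the returned value, for example a tool comparing or rewriting firewall rules, would silently treat a missing attribute as a real 0 instead of failing. I would add a comment above each getter such as `/* Returns 0 when attr is not set; 0 may also be a stored value, so check that the attribute is set before trusting the result. */`. The dropped cast also relies on the untyped getter returning a pointer that converts implicitly to `const uint32_t *`, which presumably holds but is not visible here.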