author | Phil Sutter <phil@nwl.cc> | 2019-10-21 16:29:03 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-10-21 18:21:08 +0200 |
commit | e33b971f35cbfc3634dba9690537bbfb8baeac87 (patch) | |
tree | f699dbec3c4bf8263ba4f3e1a5657279fd5ebf89 /src | |
parent | 00487d5fe3ece179e61124ee62449f4ad7d1918e (diff) |
tproxy: Add missing error checking when parsing from netlink
netlink_get_register() may return NULL and every other caller checks
that. Assuming this situation is not expected, just jump to 'err' label
without queueing an explicit error message.
Fixes: 2be1d52644cf7 ("src: Add tproxy support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/netlink_delinearize.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index f7d328a8..154353b8 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1041,6 +1041,8 @@ static void netlink_parse_tproxy(struct netlink_parse_ctx *ctx,
 reg = netlink_parse_register(nle, NFTNL_EXPR_TPROXY_REG_ADDR);
 if (reg) {
 addr = netlink_get_register(ctx, loc, reg);
+ if (addr == NULL)
+ goto err;
 switch (stmt->tproxy.family) {
 case NFPROTO_IPV4:
@@ -1060,6 +1062,8 @@ static void netlink_parse_tproxy(struct netlink_parse_ctx *ctx,
 reg = netlink_parse_register(nle, NFTNL_EXPR_TPROXY_REG_PORT);
 if (reg) {
 port = netlink_get_register(ctx, loc, reg);
+ if (port == NULL)
+ goto err;
 expr_set_type(port, &inet_service_type, BYTEORDER_BIG_ENDIAN);
 stmt->tproxy.port = port;
 } |
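Review bot: The `goto err` added after `addr = netlink_get_register(ctx, loc, reg);` fails without recording a reason, so unless netlink_get_register() queued a message itself, a tproxy expression with an unusable address register is rejected with no diagnostic. The same holds for the `port` check in the second hunk. The commit message accepts this deliberately, so a short comment above `if (addr == NULL)` would keep that intent visible, for example `/* not expected: register holds no expression, fail without a message */`. The `err` label and the rest of netlink_parse_tproxy() are outside the hunk.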
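Review bot: When the `port` lookup fails, `goto err` runs after the address branch of the first hunk may already have attached an expression to the statement, and the `err` label is outside this hunk, so it is not visible whether that path releases it. By analogy with `stmt->tproxy.port = port;`, the address presumably ends up in `stmt->tproxy.addr`; if `err` frees the whole statement, that is covered, otherwise this path leaks on malformed input. Once confirmed, a comment at the jump such as `/* err releases stmt, including an addr attached above */` would record the ownership.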