netlink_delinearize: Sanitize concat data element decoding

commit 1344d9e53ba4d67cedd13a2c76a970fc7ce65683 upstream. The call to netlink_get_register() might return NULL, catch this before dereferencing the pointer. Fixes: db59a5c1204c9 ("netlink_delinearize: fix decoding of concat data element") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Florian Westphal <fw@strlen.de>
author: Phil Sutter <phil@nwl.cc> 2023-02-21 18:36:01 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-11-02 11:56:19 +0100
commit: 767e2ce2dcb3e0950feba8866f14cf02f963a2c4 (patch)
tree: 825925b53133031fe1fa80ca5cb9efc5725382f6 /src
parent: 26845bbcbabbcf1625b4b6e535a7e15a1206fe73 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index fe3246b2..b413f60e 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1661,7 +1661,7 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
 		sreg_data = netlink_parse_register(nle, NFTNL_EXPR_DYNSET_SREG_DATA);
 		expr_data = netlink_get_register(ctx, loc, sreg_data);
 
-		if (expr_data->len < set->data->len) {
+		if (expr_data && expr_data->len < set->data->len) {
 			expr_free(expr_data);
 			expr_data = netlink_parse_concat_expr(ctx, loc, sreg_data, set->data->len);
 			if (expr_data == NULL)
author	Phil Sutter <phil@nwl.cc>	2023-02-21 18:36:01 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-11-02 11:56:19 +0100
commit	767e2ce2dcb3e0950feba8866f14cf02f963a2c4 (patch)
tree	825925b53133031fe1fa80ca5cb9efc5725382f6 /src
parent	26845bbcbabbcf1625b4b6e535a7e15a1206fe73 (diff)