netlink_delinearize: Sanitize concat data element decoding
authorPhil Sutter <phil@nwl.cc>
Tue, 21 Feb 2023 17:36:01 +0000 (18:36 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 2 Nov 2023 10:56:19 +0000 (11:56 +0100)
commit 1344d9e53ba4d67cedd13a2c76a970fc7ce65683 upstream.

The call to netlink_get_register() might return NULL, catch this before
dereferencing the pointer.

Fixes: db59a5c1204c9 ("netlink_delinearize: fix decoding of concat data element")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
src/netlink_delinearize.c

index fe3246b2e3e9782b476c5cc1d6e7f95efd876cc8..b413f60e414f1ee970ba26f4c05cb7d7de816183 100644 (file)
@@ -1661,7 +1661,7 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx,
                sreg_data = netlink_parse_register(nle, NFTNL_EXPR_DYNSET_SREG_DATA);
                expr_data = netlink_get_register(ctx, loc, sreg_data);
 
-               if (expr_data->len < set->data->len) {
+               if (expr_data && expr_data->len < set->data->len) {
                        expr_free(expr_data);
                        expr_data = netlink_parse_concat_expr(ctx, loc, sreg_data, set->data->len);
                        if (expr_data == NULL)
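Review bot: The new guard in `if (expr_data && expr_data->len < set->data->len)` protects only `expr_data`; `set->data` is still dereferenced unconditionally in the same condition and again in the `netlink_parse_concat_expr()` call. Nothing visible in the hunk establishes that the referenced set always carries a data expression. netlink_parse_dynset() starts and ends outside the hunk, so if an earlier check guarantees this, a one-line comment above the condition stating that invariant would be enough; otherwise the condition should read `if (expr_data && set->data && expr_data->len < set->data->len) {`. Separately, when netlink_get_register() returns NULL the block is now skipped without any message at this point, so the code after the hunk presumably has to accept a NULL `expr_data`. That is worth confirming, since this path decodes register contents taken from a netlink message.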