netlink: Avoid potential NULL-ptr deref parsing set elem expressions
authorPhil Sutter <phil@nwl.cc>
Fri, 16 May 2025 18:08:05 +0000 (20:08 +0200)
committerPhil Sutter <phil@nwl.cc>
Tue, 20 May 2025 10:53:31 +0000 (12:53 +0200)
Since netlink_parse_set_expr() may return NULL, the following deref must
be guarded.

Fixes: e6d1d0d611958 ("src: add set element multi-statement support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
src/netlink.c

index d88912457c59122dd2466496bcce3940ddfe4dc2..0724190a25d6fe4cca9e42ee6d8620f04e41817a 100644 (file)
@@ -969,7 +969,8 @@ static int set_elem_parse_expressions(struct nftnl_expr *e, void *data)
        struct stmt *stmt;
 
        stmt = netlink_parse_set_expr(set, cache, e);
-       list_add_tail(&stmt->list, &setelem_parse_ctx->stmt_list);
+       if (stmt)
+               list_add_tail(&stmt->list, &setelem_parse_ctx->stmt_list);
 
        return 0;
 }
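Review bot: With the new `if (stmt)` guard, a NULL from netlink_parse_set_expr() is dropped without a trace and the callback still returns 0. The caller therefore sees success, and the element's stmt_list can be shorter than the expression list it was built from. Whether the helper already reports the parse failure is not visible in this hunk. If it does not, consider propagating the failure with `if (!stmt) return -1;`, provided the iterating caller tolerates a non-zero return. Otherwise, document the choice above the guard, e.g. `/* NULL means the expression could not be parsed; skip it rather than abort the element */`. The start of set_elem_parse_expressions() lies outside the hunk, so how `set`, `cache` and `setelem_parse_ctx` are derived from `data` should be checked there.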