imv-scanner: Fix potentially unsafe port filter attribute destruction
authorTobias Brunner <tobias@strongswan.org>
Thu, 3 Dec 2020 11:14:35 +0000 (12:14 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 3 Dec 2020 11:19:06 +0000 (12:19 +0100)
DESTROY_IF() checks if the given value is not NULL, before calling
destroy() on it, which does not work for sub-structs.  If
port_filter_attr is NULL, this could crash.

src/libimcv/plugins/imv_scanner/imv_scanner_state.c

index 2429733a594a98a2482dbcc586fe1cb33564d69d..5606c30120a77446f0c1f3aaf500ee5dc4e2a529 100644 (file)
@@ -321,8 +321,12 @@ METHOD(imv_state_t, reset, void,
 
        this->handshake_state = IMV_SCANNER_STATE_INIT;
 
-       DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
-       this->port_filter_attr = NULL;
+       if (this->port_filter_attr)
+       {
+               this->port_filter_attr->pa_tnc_attribute.destroy(
+                                                                       &this->port_filter_attr->pa_tnc_attribute);
+               this->port_filter_attr = NULL;
+       }
        this->violating_ports->destroy_function(this->violating_ports, free);
        this->violating_ports = linked_list_create();
 }
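Review bot: Nothing at the new guard in reset() records why DESTROY_IF() is no longer used, and the same guarded call is repeated in destroy() and set_port_filter_attr() in the two later hunks. A later cleanup could therefore fold them back into `DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute)`, which computes a member address from a NULL port_filter_attr. A one-line comment above the `if` would keep the reason next to the code, for example `/* DESTROY_IF() would test the address of the embedded member, not port_filter_attr itself */`. A file-local static helper that does the NULL check, the destroy() call and the reset to NULL would give that comment a single home and make the three sites identical. reset() begins above this hunk, so the rest of its body is not visible here.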
@@ -333,7 +337,11 @@ METHOD(imv_state_t, destroy, void,
        DESTROY_IF(this->session);
        DESTROY_IF(this->reason_string);
        DESTROY_IF(this->remediation_string);
-       DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+       if (this->port_filter_attr)
+       {
+               this->port_filter_attr->pa_tnc_attribute.destroy(
+                                                                       &this->port_filter_attr->pa_tnc_attribute);
+       }
        this->contracts->destroy(this->contracts);
        this->violating_ports->destroy_function(this->violating_ports, free);
        free(this);
@@ -354,7 +362,11 @@ METHOD(imv_scanner_state_t, get_handshake_state, imv_scanner_handshake_state_t,
 METHOD(imv_scanner_state_t, set_port_filter_attr, void,
        private_imv_scanner_state_t *this, ietf_attr_port_filter_t *attr)
 {
-       DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+       if (this->port_filter_attr)
+       {
+               this->port_filter_attr->pa_tnc_attribute.destroy(
+                                                                       &this->port_filter_attr->pa_tnc_attribute);
+       }
        this->port_filter_attr = attr;
 }
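Review bot: set_port_filter_attr() releases the stored attribute and then keeps `attr`, but nothing documents that the state takes over the caller's reference, which reset() and destroy() in the earlier hunks rely on when they call destroy() on the stored pointer. A short comment above the METHOD would make that contract explicit, for example `/* takes ownership of attr; the previously stored attribute is released */`. It is also worth stating what a caller may expect when it passes the pointer that is already stored. Whether that is safe depends on how the attribute's destroy() handles references, which is not visible in this diff.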