From cdbe35044232c89db38f045c70b1ef1948f4d6e4 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 17 Jul 2013 18:53:13 +0200
Subject: [PATCH] openvpnctrl: Save the binary from crashing with wrong input.

See #10390.
---
 src/misc-progs/openvpnctrl.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e366294b5..76916f147 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -362,6 +362,10 @@ char* calcTransferNetAddress(const connection* conn) {
 	char *subnetmask = strdup(conn->transfer_subnet);
 	char *address = strsep(&subnetmask, "/");
 
+	if ((address == NULL) || (subnetmask == NULL)) {
+		goto ERROR;
+	}
+
 	in_addr_t _address    = inet_addr(address);
 	in_addr_t _subnetmask = inet_addr(subnetmask);
 	_address &= _subnetmask;
@@ -496,12 +500,11 @@ void setFirewallRules(void) {
 			local_subnet_address = getLocalSubnetAddress(conn);
 			transfer_subnet_address = calcTransferNetAddress(conn);
 
-			if ((!local_subnet_address) || (!transfer_subnet_address))
-				continue;
-
-			snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
-				OVPNNAT, transfer_subnet_address, local_subnet_address);
-			executeCommand(command);
+			if ((local_subnet_address) && (transfer_subnet_address)) {
+				snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
+					OVPNNAT, transfer_subnet_address, local_subnet_address);
+				executeCommand(command);
+			}
 		}
 
 		conn = conn->next;
-- 
2.39.2