libsupport: fix (very potential) NULL dereference

It's a very rare set of circumstances (requiring deleting profile
sections, which e2fsprogs doesn't do) that might trigger a NULL
derference, but fix it for robustness's sake, maybe some day someone
will use that functionality.

Fixes-Coverity-Bug: 207508
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/lib/support/profile.c b/lib/support/profile.c
index 9e96673b221dc4e82aabb47ba3375e4041331876..585ed595d4319f7f6576e06bb1237cab72f832f2 100644 (file)
--- a/lib/support/profile.c
+++ b/lib/support/profile.c
@@ -1362,7 +1362,7 @@ errcode_t profile_node_iterator(void **iter_p, struct profile_node **ret_node,
        }
 get_new_file:
        if (iter->node == 0) {
-               if (iter->file == 0 ||
+               if (iter->file == NULL ||
                    (iter->flags & PROFILE_ITER_FINAL_SEEN)) {
                        profile_iterator_free(iter_p);
                        if (ret_node)
@@ -1376,7 +1376,8 @@ get_new_file:
                if ((retval = profile_update_file(iter->file))) {
                    if (retval == ENOENT || retval == EACCES) {
                        /* XXX memory leak? */
-                       iter->file = iter->file->next;
+                       if (iter->file)
+                           iter->file = iter->file->next;
                        skip_num = 0;
                        retval = 0;
                        goto get_new_file;
@@ -1405,7 +1406,8 @@ get_new_file:
                                iter->flags |= PROFILE_ITER_FINAL_SEEN;
                }
                if (!section) {
-                       iter->file = iter->file->next;
+                       if (iter->file)
+                               iter->file = iter->file->next;
                        skip_num = 0;
                        goto get_new_file;
                }
@@ -1435,13 +1437,15 @@ get_new_file:
        }
        iter->num++;
        if (!p) {
-               iter->file = iter->file->next;
+               if (iter->file)
+                       iter->file = iter->file->next;
                iter->node = 0;
                skip_num = 0;
                goto get_new_file;
        }
        if ((iter->node = p->next) == NULL)
-               iter->file = iter->file->next;
+               if (iter->file)
+                       iter->file = iter->file->next;
        if (ret_node)
                *ret_node = p;
        if (ret_name)