NULL pointer deference if nlmsg_reserve() returns NULL for ifi

nlmsg_reserve() might return NULL

        if (nlmsg_len + tlen > nlmsg->cap)
                return NULL;

Also set err = -ENOMEM where appropriate

Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 54367c8798ceef290f20e800073afc1af68c3c3e..a0d3f973e32ff2e584437f446e3cb3a1d0803c93 100644 (file)
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -108,6 +108,8 @@ int lxc_netdev_move_by_index(int ifindex, pid_t pid, const char* ifname)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi)
+               goto out;
        ifi->ifi_family = AF_UNSPEC;
        ifi->ifi_index = ifindex;
 
@@ -164,6 +166,8 @@ int lxc_netdev_delete_by_index(int ifindex)
        nlmsg->nlmsghdr->nlmsg_type = RTM_DELLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi)
+               goto out;
        ifi->ifi_family = AF_UNSPEC;
        ifi->ifi_index = ifindex;
 
@@ -214,6 +218,8 @@ int lxc_netdev_rename_by_index(int ifindex, const char *newname)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi)
+               goto out;
        ifi->ifi_family = AF_UNSPEC;
        ifi->ifi_index = ifindex;
 
@@ -277,6 +283,10 @@ int netdev_set_flag(const char *name, int flag)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi) {
+               err = -ENOMEM;
+               goto out;
+       }
        ifi->ifi_family = AF_UNSPEC;
        ifi->ifi_index = index;
        ifi->ifi_change |= IFF_UP;
@@ -327,6 +337,10 @@ int netdev_get_flag(const char* name, int *flag)
        nlmsg->nlmsghdr->nlmsg_type = RTM_GETLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi) {
+               err = -ENOMEM;
+               goto out;
+       }
        ifi->ifi_family = AF_UNSPEC;
        ifi->ifi_index = index;
 
@@ -401,6 +415,8 @@ int netdev_get_mtu(int ifindex)
        nlmsg->nlmsghdr->nlmsg_type = RTM_GETLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi)
+               goto out;
        ifi->ifi_family = AF_UNSPEC;
 
        /* Send the request for addresses, which returns all addresses
@@ -512,6 +528,10 @@ int lxc_netdev_set_mtu(const char *name, int mtu)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi) {
+               err = -ENOMEM;
+               goto out;
+       }
        ifi->ifi_family = AF_UNSPEC;
        ifi->ifi_index = index;
 
@@ -571,6 +591,8 @@ int lxc_veth_create(const char *name1, const char *name2)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi)
+               goto out;
        ifi->ifi_family = AF_UNSPEC;
 
        err = -EINVAL;
@@ -590,8 +612,10 @@ int lxc_veth_create(const char *name1, const char *name2)
                goto out;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
-       if (!ifi)
+       if (!ifi) {
+               err = -ENOMEM;
                goto out;
+       }
 
        if (nla_put_string(nlmsg, IFLA_IFNAME, name2))
                goto out;
@@ -654,6 +678,10 @@ int lxc_vlan_create(const char *master, const char *name, unsigned short vlanid)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi) {
+               err = -ENOMEM;
+               goto err1;
+       }
        ifi->ifi_family = AF_UNSPEC;
 
        nest = nla_begin_nested(nlmsg, IFLA_LINKINFO);
@@ -730,6 +758,10 @@ int lxc_macvlan_create(const char *master, const char *name, int mode)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
        ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+       if (!ifi) {
+               err = -ENOMEM;
+               goto out;
+       }
        ifi->ifi_family = AF_UNSPEC;
 
        nest = nla_begin_nested(nlmsg, IFLA_LINKINFO);
@@ -911,6 +943,8 @@ static int ip_addr_add(int family, int ifindex,
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWADDR;
 
        ifa = nlmsg_reserve(nlmsg, sizeof(struct ifaddrmsg));
+       if (!ifa) 
+               goto out;
        ifa->ifa_prefixlen = prefix;
        ifa->ifa_index = ifindex;
        ifa->ifa_family = family;
@@ -1032,6 +1066,8 @@ static int ip_addr_get(int family, int ifindex, void **res)
        nlmsg->nlmsghdr->nlmsg_type = RTM_GETADDR;
 
        ifa = nlmsg_reserve(nlmsg, sizeof(struct ifaddrmsg));
+       if (!ifa)
+               goto out;
        ifa->ifa_family = family;
 
        /* Send the request for addresses, which returns all addresses
@@ -1146,6 +1182,8 @@ static int ip_gateway_add(int family, int ifindex, void *gw)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWROUTE;
 
        rt = nlmsg_reserve(nlmsg, sizeof(struct rtmsg));
+       if (!rt)
+               goto out;
        rt->rtm_family = family;
        rt->rtm_table = RT_TABLE_MAIN;
        rt->rtm_scope = RT_SCOPE_UNIVERSE;
@@ -1210,6 +1248,8 @@ static int ip_route_dest_add(int family, int ifindex, void *dest)
        nlmsg->nlmsghdr->nlmsg_type = RTM_NEWROUTE;
 
        rt = nlmsg_reserve(nlmsg, sizeof(struct rtmsg));
+       if (!rt)
+               goto out;
        rt->rtm_family = family;
        rt->rtm_table = RT_TABLE_MAIN;
        rt->rtm_scope = RT_SCOPE_LINK;