]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a1b60d3)
nl: avoid NULL pointer dereference
authorRafał Miłecki <rafal@milecki.pl>
Sun, 29 Jul 2018 15:44:06 +0000 (17:44 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 10 Dec 2018 15:01:03 +0000 (16:01 +0100)
It's a valid case to call nla_put() with NULL data and 0 len. It's done e.g. in
the nla_put_attr().

There has to be a check for data in nla_put() as passing NULL to the memcpy()
is not allowed. Even if length is 0, both pointers have to be valid.

For a reference see C99 standard (7.21.1/2), it says: "pointer arguments on
such a call shall still have valid values".

Reported-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[christian.brauner@ubuntu.com: adapted commit message]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/nl.c patch | blob | blame | history

diff --git a/src/lxc/nl.c b/src/lxc/nl.c
index f194efcf2bb920a7cd1c22995d3f8718e241657a..575e3d98adc7c1a7ab828332c46e3812e49b545d 100644 (file)
--- a/src/lxc/nl.c
+++ b/src/lxc/nl.c
@@ -61,7 +61,8 @@ static int nla_put(struct nlmsg *nlmsg, int attr,
        rta = NLMSG_TAIL(nlmsg->nlmsghdr);
        rta->rta_type = attr;
        rta->rta_len = rtalen;
-       memcpy(RTA_DATA(rta), data, len);
+       if (data && len)
+               memcpy(RTA_DATA(rta), data, len);
        nlmsg->nlmsghdr->nlmsg_len = tlen;
        return 0;
 }
Mirror of https://github.com/lxc/lxc.git