From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 15 Jan 2014 01:23:14 +0000 (+1300)
Subject: Fix rfcnb library potential NULL pointer dereference
X-Git-Tag: SQUID_3_5_0_1~414
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71ef189433f5fb0dec3e5e69bfd6596c194e069c;p=thirdparty%2Fsquid.git

Fix rfcnb library potential NULL pointer dereference

Malformed RFCNB packet may lead to crash.

 Detected by Coverity Scan. Issue 740355.
---

diff --git a/lib/rfcnb/rfcnb-io.c b/lib/rfcnb/rfcnb-io.c
index fea3b2829a..f628f1b3f5 100644
--- a/lib/rfcnb/rfcnb-io.c
+++ b/lib/rfcnb/rfcnb-io.c
@@ -382,7 +382,7 @@ RFCNB_Get_Pkt(struct RFCNB_Con *con, struct RFCNB_Pkt *pkt, int len)
         offset = RFCNB_Pkt_Hdr_Len;     /* Otherwise skip the header       */
     }
 
-    frag_len = pkt_frag->len;
+    frag_len = (pkt_frag ? pkt_frag->len : 0);
 
     if (more <= frag_len)       /* If len left to get less than frag space */
         this_len = more;        /* Get the rest ...                        */