From 3fbbb074303ec3dafd97fcdeaa0a292068c23140 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 21 Feb 2023 19:50:41 +0100 Subject: [PATCH] netlink: Fix for potential NULL-pointer deref Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2211076 Upstream Status: nftables commit 927d5674e7bf6 commit 927d5674e7bf656428f97c54c9171006e8c3c75e Author: Phil Sutter Date: Tue Jan 10 22:36:58 2023 +0100 netlink: Fix for potential NULL-pointer deref If memory allocation fails, calloc() returns NULL which was not checked for. The code seems to expect zero array size though, so simply replacing this call by one of the x*calloc() ones won't work. So guard the call also by a check for 'len'. Fixes: db0697ce7f602 ("src: support for flowtable listing") Signed-off-by: Phil Sutter Signed-off-by: Phil Sutter --- src/netlink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/netlink.c b/src/netlink.c index 799cf9b..dee1732 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -1700,7 +1700,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx, while (dev_array[len]) len++; - flowtable->dev_array = calloc(1, len * sizeof(char *)); + if (len) + flowtable->dev_array = xmalloc(len * sizeof(char *)); for (i = 0; i < len; i++) flowtable->dev_array[i] = xstrdup(dev_array[i]); -- 2.41.0.rc1