nftables/0028-netlink-Fix-for-potential-NULL-pointer-deref.patch

From 8bb864ad6586da7767cf4b90b75e62cd7324859d Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 21 Feb 2023 19:50:41 +0100
Subject: [PATCH] netlink: Fix for potential NULL-pointer deref

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2160049
Upstream Status: nftables commit 927d5674e7bf6

commit 927d5674e7bf656428f97c54c9171006e8c3c75e
Author: Phil Sutter <phil@nwl.cc>
Date:   Tue Jan 10 22:36:58 2023 +0100

    netlink: Fix for potential NULL-pointer deref

    If memory allocation fails, calloc() returns NULL which was not checked
    for. The code seems to expect zero array size though, so simply
    replacing this call by one of the x*calloc() ones won't work. So guard
    the call also by a check for 'len'.

    Fixes: db0697ce7f602 ("src: support for flowtable listing")
    Signed-off-by: Phil Sutter <phil@nwl.cc>

Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 src/netlink.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/netlink.c b/src/netlink.c
index 799cf9b..dee1732 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1700,7 +1700,8 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
 	while (dev_array[len])
 		len++;
 
-	flowtable->dev_array = calloc(1, len * sizeof(char *));
+	if (len)
+		flowtable->dev_array = xmalloc(len * sizeof(char *));
 	for (i = 0; i < len; i++)
 		flowtable->dev_array[i] = xstrdup(dev_array[i]);
 
-- 
2.39.2