proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 09:48:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

nl: avoid NULL pointer dereference

Browse Source 
It's a valid case to call nla_put() with NULL data and 0 len. It's done e.g. in
the nla_put_attr().

There has to be a check for data in nla_put() as passing NULL to the memcpy()
is not allowed. Even if length is 0, both pointers have to be valid.

For a reference see C99 standard (7.21.1/2), it says: "pointer arguments on
such a call shall still have valid values".

Reported-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[christian.brauner@ubuntu.com: adapted commit message]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Rafał Miłecki 2018-07-29 17:44:06 +02:00 committed by Christian Brauner
parent a4f181a448
commit c8f0558964
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/lxc/nl.c
View File

@ -61,7 +61,8 @@ static int nla_put(struct nlmsg *nlmsg, int attr,
rta = NLMSG_TAIL(nlmsg->nlmsghdr);
rta->rta_type = attr;
rta->rta_len = rtalen;
memcpy(RTA_DATA(rta), data, len);
if (data && len)
memcpy(RTA_DATA(rta), data, len);
nlmsg->nlmsghdr->nlmsg_len = tlen;
return 0;
}