Skip to content

Commit

Permalink
nl: avoid NULL pointer dereference
Browse files Browse the repository at this point in the history 
It's a valid case to call nla_put() with NULL data and 0 len. It's done e.g. in
the nla_put_attr().

There has to be a check for data in nla_put() as passing NULL to the memcpy()
is not allowed. Even if length is 0, both pointers have to be valid.

For a reference see C99 standard (7.21.1/2), it says: "pointer arguments on
such a call shall still have valid values".

Reported-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[christian.brauner@ubuntu.com: adapted commit message]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
  • Loading branch information
Rafał Miłecki authored and Christian Brauner committed Dec 10, 2018
1 parent a1b60d3 commit cba71d5
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/lxc/nl.c
View file
Expand Up @@ -61,7 +61,8 @@ static int nla_put(struct nlmsg *nlmsg, int attr,
rta = NLMSG_TAIL(nlmsg->nlmsghdr);
rta->rta_type = attr;
rta->rta_len = rtalen;
memcpy(RTA_DATA(rta), data, len);
if (data && len)
memcpy(RTA_DATA(rta), data, len);
nlmsg->nlmsghdr->nlmsg_len = tlen;
return 0;
}
Expand Down

0 comments on commit cba71d5

Please sign in to comment.