[PATCH 2/8] iptables: Coverity: FORWARD_NULL

ip6tables.c:1841: var_compare_op: Comparing "chain" to null implies that "chain" might be null.
ip6tables.c:1863: var_deref_model: Passing null variable "chain" to function "strcmp", which
                  dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
ip6tables.c:1946: var_deref_model: Passing null variable "chain" to function "ip6tc_delete_num_entry", which dereferences it.
libiptc/libiptc.c:2050: deref_parm_in_call: Function "iptcc_find_label" dereferences parameter "chain".
libiptc/libiptc.c:737: deref_parm_in_call: Function "strcmp" dereferences parameter "name".
                       (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
ip6tables.c:1967: var_deref_model: Passing null variable "chain" to function "ip6tc_zero_counter", which dereferences it.
ip6tables.c:1999: var_deref_model: Passing null variable "chain" to function "ip6tc_create_chain", which dereferences it.
ip6tables.c:2005: var_deref_model: Passing null variable "chain" to function "ip6tc_rename_chain", which dereferences it.
ip6tables.c:2008: var_deref_model: Passing null variable "chain" to function "ip6tc_set_policy", which dereferences it.

iptables.c:1879: var_compare_op: Comparing "chain" to null implies that "chain" might be null.
iptables.c:1901: var_deref_model: Passing null variable "chain" to function "strcmp", which
                 dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
iptables.c:1986: var_deref_model: Passing null variable "chain" to function "iptc_delete_num_entry", which dereferences it.
libiptc/libiptc.c:2050: deref_parm_in_call: Function "iptcc_find_label" dereferences parameter "chain".
libiptc/libiptc.c:737: deref_parm_in_call: Function "strcmp" dereferences parameter "name".
                       (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
iptables.c:2007: var_deref_model: Passing null variable "chain" to function "iptc_zero_counter", which dereferences it.
iptables.c:2039: var_deref_model: Passing null variable "chain" to function "iptc_create_chain", which dereferences it.
iptables.c:2045: var_deref_model: Passing null variable "chain" to function "iptc_rename_chain", which dereferences it.
iptables.c:2048: var_deref_model: Passing null variable "chain" to function "iptc_set_policy", which dereferences it.

iptables.c:1828: var_compare_op: Comparing "policy" to null implies that "policy" might be null.
iptables.c:2048: var_deref_model: Passing null variable "policy" to function "iptc_set_policy", which dereferences it.
libiptc/libiptc.c:2422: deref_parm_in_call: Function "strcmp" dereferences parameter "policy".
                        (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

iptables-xml.c:745: assign_zero: Assigning: "chain" = 0.
iptables-xml.c:855: var_deref_model: Passing null variable "chain" to function "needChain", which dereferences it.
iptables-xml.c:282: deref_parm_in_call: Function "strcmp" dereferences parameter "chain".
                    (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
---
 iptables/ip6tables.c    |    5 ++++-
 iptables/iptables-xml.c |    3 ++-
 iptables/iptables.c     |    8 ++++++--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 4037acf..b30c9b7 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -1770,7 +1770,10 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 
 	generic_opt_check(command, cs.options);
 
-	if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
+	if (chain == NULL)
+		xtables_error(PARAMETER_PROBLEM, "no chain");
+
+	if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
 		xtables_error(PARAMETER_PROBLEM,
 			   "chain name `%s' too long (must be under %u chars)",
 			   chain, XT_EXTENSION_MAXNAMELEN);
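Review bot: The new `if (chain == NULL)` test in do_command6 sits directly after generic_opt_check(), ahead of any per-command handling, so it applies to every command, whereas the condition it replaces explicitly tolerated a NULL chain. Any invocation that reaches this point without a chain argument now ends in xtables_error(PARAMETER_PROBLEM, "no chain") instead of continuing. If some commands are valid without a chain, keep the length test as `chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN` and reject NULL only on the paths Coverity reported (the strcmp and the ip6tc_* calls), or make the new test conditional on the command.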
diff --git a/iptables/iptables-xml.c b/iptables/iptables-xml.c
index 5aa638c..e2cb809 100644
--- a/iptables/iptables-xml.c
+++ b/iptables/iptables-xml.c
@@ -847,7 +847,8 @@ main(int argc, char *argv[])
 			for (a = 0; a < newargc; a++)
 				DEBUGP("argv[%u]: %s\n", a, newargv[a]);
 
-			needChain(chain);// Should we explicitly look for -A
+			if (chain != NULL)
+				needChain(chain);// Should we explicitly look for -A
 			do_rule(pcnt, bcnt, newargc, newargv, newargvattr);
 
 			save_argv();
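Review bot: Guarding only `needChain(chain)` silences the report but leaves do_rule() running on the next line for a rule that has no chain, so the output may carry a rule outside any chain element. Since a NULL chain here means the input line had no chain name, consider treating it as a parse error (report and exit, or skip the whole rule including do_rule() and save_argv()) rather than skipping one call. The trailing `// Should we explicitly look for -A` comment is now attached to the indented call under the `if`; moving it onto its own line above the test would keep it readable.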
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 4ae7541..4868e40 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -1800,7 +1800,10 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 
 	generic_opt_check(command, cs.options);
 
-	if (chain != NULL && strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
+	if (chain == NULL)
+		xtables_error(PARAMETER_PROBLEM, "no chain");
+
+	if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
 		xtables_error(PARAMETER_PROBLEM,
 			   "chain name `%s' too long (must be under %u chars)",
 			   chain, XT_EXTENSION_MAXNAMELEN);
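Review bot: The message "no chain" in the added xtables_error() call gives the user nothing to act on, unlike the length error just below it, which names the offending value and the limit. Because the test is placed before the command switch in do_command4 it fires for any command that arrives with chain unset, so the text should at least say that the command requires a chain name. It is also worth confirming that no command is meant to run with chain == NULL, since the removed `chain != NULL &&` condition allowed that case through.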
@@ -1978,7 +1981,8 @@ int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handl
 		ret = iptc_rename_chain(chain, newname,	*handle);
 		break;
 	case CMD_SET_POLICY:
-		ret = iptc_set_policy(chain, policy, cs.options&OPT_COUNTERS ? &cs.fw.counters : NULL, *handle);
+		if (policy != NULL)
+			ret = iptc_set_policy(chain, policy, cs.options&OPT_COUNTERS ? &cs.fw.counters : NULL, *handle);
 		break;
 	default:
 		/* We should never reach this... */
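Review bot: In the CMD_SET_POLICY case, a NULL policy now falls through to `break` without calling iptc_set_policy() and without assigning `ret`, so the caller sees whatever value `ret` held before the switch and the user gets no diagnostic. Prefer failing explicitly, for example with xtables_error(PARAMETER_PROBLEM, ...) stating that a policy is required, or set `ret` and errno on that path. The diffstat shows no matching change to the set-policy call in ip6tables.c; the Coverity log only reports the policy case for iptables.c, but the two files are otherwise changed in parallel, so it is worth checking whether the same guard belongs there.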
-- 
1.7.5.2
