netlink_delinearize is prepared to deal with malformed expressions from the kernel that it doesn't understand. However since expressions are now cloned unconditionally by netlink_get_register(), we crash before such errors can be detected for invalid inputs. Fix by only cloning non-NULL expressions. Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> --- src/netlink_delinearize.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index e9a04dd..79d5af6 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -75,7 +75,10 @@ static struct expr *netlink_get_register(struct netlink_parse_ctx *ctx, } expr = ctx->registers[reg]; - return expr_clone(expr); + if (expr != NULL) + expr = expr_clone(expr); + + return expr; } static void netlink_release_registers(struct netlink_parse_ctx *ctx) -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
