[iptables PATCH 13/28] libxtables: Avoid calling memcpy() with NULL source

Phil Sutter <phil@xxxxxx> · Wed, 19 Sep 2018 15:16:54 +0200

Both affected functions check if 'oldopts' is NULL once but later seem
to ignore that possibility. To catch up on that, increment the pointer
only if it isn't NULL, also don't copy its content into the merged
options buffer in that case.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 libxtables/xtables.c   | 12 ++++++++----
 libxtables/xtoptions.c | 12 ++++++++----
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index f3966f15617a8..1b8e4b074b078 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -119,8 +119,10 @@ struct option *xtables_merge_options(struct option *orig_opts,
 	 * Since @oldopts also has @orig_opts already (and does so at the
 	 * start), skip these entries.
 	 */
-	oldopts += num_oold;
-	num_old -= num_oold;
+	if (oldopts != NULL) {
+		oldopts += num_oold;
+		num_old -= num_oold;
+	}
 
 	merge = malloc(sizeof(*mp) * (num_oold + num_old + num_new + 1));
 	if (merge == NULL)
@@ -139,8 +141,10 @@ struct option *xtables_merge_options(struct option *orig_opts,
 		mp->val += *option_offset;
 
 	/* Third, the old options */
-	memcpy(mp, oldopts, sizeof(*mp) * num_old);
-	mp += num_old;
+	if (oldopts != NULL) {
+		memcpy(mp, oldopts, sizeof(*mp) * num_old);
+		mp += num_old;
+	}
 	xtables_free_opts(0);
 
 	/* Clear trailing entry */
diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c
index 326febd50dc90..05887a05eab71 100644
--- a/libxtables/xtoptions.c
+++ b/libxtables/xtoptions.c
@@ -91,8 +91,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
 	 * Since @oldopts also has @orig_opts already (and does so at the
 	 * start), skip these entries.
 	 */
-	oldopts += num_orig;
-	num_old -= num_orig;
+	if (oldopts != NULL) {
+		oldopts += num_orig;
+		num_old -= num_orig;
+	}
 
 	merge = malloc(sizeof(*mp) * (num_orig + num_old + num_new + 1));
 	if (merge == NULL)
@@ -114,8 +116,10 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
 	}
 
 	/* Third, the old options */
-	memcpy(mp, oldopts, sizeof(*mp) * num_old);
-	mp += num_old;
+	if (oldopts != NULL) {
+		memcpy(mp, oldopts, sizeof(*mp) * num_old);
+		mp += num_old;
+	}
 	xtables_free_opts(0);
 
 	/* Clear trailing entry */
-- 
2.18.0







