Hello!

I used a static analyzer to check the iptables project and would like to
share some of my notes with you. I received several warnings from
the analyzer, which I decided to inform you about.

1. libiptc/libiptc.c file, line 499.
memset(h->chain_index, 0, array_mem) can lead to UB if "h->chain_index"
is NULL. A few lines above there is a check "if (h->chain_index == NULL
&& array_mem > 0)", but it may not work if the first condition is true
and the second is false.

2. extensions/libip6t_mh.c file, line 111.
3. extensions/libxt_tcp.c file, line 47.
4. extensions/libxt_sctp.c file, lines 74 and 171.
It is possible to dereference a potentially null pointer "buffer". I
noticed this because other files have checks in similar places.

5. iptables/iptables-save.c file, line 62.
An array overrun is possible if strlen(tablename) == 0. Maybe it's actually
safe, and a dangerous string can't be found in this file, but I couldn't
figure it out and decided to mention it just in case.

Thank you in advance for your answer,
Ivan Stepchenko
email: sid@xxxxxxxxxx
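
Item 1 of the report as an added C sketch; it is not part of the original message and not libiptc code. The struct, the function names and the overflow check are assumptions made for illustration; only the condition `chain_index == NULL && array_mem > 0` and the memset call are taken from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the handle; only the field named in the
 * report (chain_index) is modelled. */
struct handle {
    void **chain_index;
    size_t num_entries;
};

/* Models the check quoted in the report. Because the NULL test is tied
 * to array_mem > 0, a NULL pointer with array_mem == 0 passes it and
 * would reach memset(NULL, 0, 0), the call the report flags as UB.
 * Returns -1 for the allocation-failure path, 1 when memset would be
 * reached with NULL (the call is not made here), 0 otherwise. */
int reaches_memset_with_null(const void *chain_index, size_t array_mem)
{
    if (chain_index == NULL && array_mem > 0)
        return -1;
    return chain_index == NULL;
}

/* Guarded form: the empty index is handled before any allocation, so
 * memset only ever sees a non-NULL pointer. Returns 0 or -1. */
int chain_index_alloc(struct handle *h, size_t n)
{
    size_t array_mem;

    h->chain_index = NULL;
    h->num_entries = 0;
    if (n > SIZE_MAX / sizeof(*h->chain_index))
        return -1;              /* n * sizeof would overflow */
    array_mem = n * sizeof(*h->chain_index);
    if (array_mem == 0)
        return 0;               /* nothing to allocate or clear */

    h->chain_index = malloc(array_mem);
    if (h->chain_index == NULL)
        return -1;              /* out of memory */
    memset(h->chain_index, 0, array_mem);
    h->num_entries = n;
    return 0;
}
```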