[libvirt] [PATCH 3/7] nwfilter_ebiptables_driver.c: avoid NULL dereference

Daniel P. Berrange berrange at redhat.com
Wed Apr 14 17:40:17 UTC 2010


On Wed, Apr 14, 2010 at 06:02:32PM +0200, Jim Meyering wrote:
> From: Jim Meyering <meyering at redhat.com>
> 
> * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules):
> Don't dereference a NULL or uninitialized pointer when given
> an empty list of rules.  Add an sa_assert(inst) in each loop to
> tell clang that the uses of "inst[i]" are valid.
> ---
>  src/nwfilter/nwfilter_ebiptables_driver.c |    8 +++++---
>  1 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
> index b481b4c..f54099f 100644
> --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> @@ -2834,11 +2834,11 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
>      bool haveIptables = false;
>      bool haveIp6tables = false;
> 
> -    if (inst)
> -        qsort(inst, nruleInstances, sizeof(inst[0]),
> -              ebiptablesRuleOrderSort);
> +    if (nruleInstances > 1 && inst)
> +        qsort(inst, nruleInstances, sizeof(inst[0]), ebiptablesRuleOrderSort);
> 
>      for (i = 0; i < nruleInstances; i++) {
> +        sa_assert (inst);
>          if (inst[i]->ruleType == RT_EBTABLES) {
>              if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP)
>                  chains_in  |= (1 << inst[i]->neededProtocolChain);
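Review bot: The `sa_assert (inst);` added at the top of this loop (and again in the third hunk's loop) states an invariant for the analyzer, but nothing in the visible lines enforces at run time that `inst` is non-NULL whenever `nruleInstances` is non-zero. The definition of sa_assert is not shown here; if it compiles away in ordinary builds, `inst[i]->ruleType` is still reached unchecked when the two arguments disagree. Since the condition is loop-invariant, I would state it once before the first loop with a comment such as `/* callers guarantee inst != NULL when nruleInstances > 0; sa_assert only informs clang */`, or enforce it there through the function's existing error path. The body of ebiptablesApplyNewRules starts and ends outside the hunk.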
> @@ -2881,6 +2881,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
>          goto tear_down_tmpebchains;
> 
>      for (i = 0; i < nruleInstances; i++)
> +        sa_assert (inst);
>          switch (inst[i]->ruleType) {
>          case RT_EBTABLES:
>              ebiptablesInstCommand(&buf,
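Review bot: The `sa_assert (inst);` added under `for (i = 0; i < nruleInstances; i++)` becomes that loop's entire body, because the `for` line has no opening brace in this hunk. The `switch (inst[i]->ruleType)` that used to be the body now runs once after the loop with `i == nruleInstances`, so it reads one element past the end of `inst`, and the RT_EBTABLES case is no longer visited per rule instance; for a function that applies filter rules, that presumably means rules are left uninstalled without an error. Brace the loop, `for (i = 0; i < nruleInstances; i++) {` followed by `sa_assert (inst);`, with the closing `}` after the end of the switch. The switch continues past the last line of the hunk, so the closing brace has to be placed against the full function.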
> @@ -2918,6 +2919,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
>             goto tear_down_tmpiptchains;
> 
>          for (i = 0; i < nruleInstances; i++) {
> +            sa_assert (inst);
>              if (inst[i]->ruleType == RT_IPTABLES)
>                  iptablesInstCommand(&buf,
>                                      inst[i]->commandTemplate,

ACK


Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|



