diff options
| author | Liu Ye <liuye@kylinos.cn> | 2025-01-16 09:30:37 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-02-17 10:04:54 +0100 |
| commit | 4f60eff8b5e6f22455a651596f7c73d7f3b5de00 (patch) | |
| tree | 4ca00821910a7315e9136fb4e29469bbf882d4e1 /tools/testing | |
| parent | c257c15845e7c083bcf26acc7a9302caf18fc797 (diff) | |
| download | linux-4f60eff8b5e6f22455a651596f7c73d7f3b5de00.tar.gz linux-4f60eff8b5e6f22455a651596f7c73d7f3b5de00.tar.bz2 linux-4f60eff8b5e6f22455a651596f7c73d7f3b5de00.zip | |
selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
[ Upstream commit 3a0b7fa095212b51ed63892540c4f249991a2d74 ]
Address Null pointer dereference / undefined behavior in rtattr_pack
(note that size is 0 in the bad case).
Flagged by cppcheck as:
tools/testing/selftests/net/ipsec.c:230:25: warning: Possible null pointer
dereference: payload [nullPointer]
memcpy(RTA_DATA(attr), payload, size);
^
tools/testing/selftests/net/ipsec.c:1618:54: note: Calling function 'rtattr_pack',
4th argument 'NULL' value is 0
if (rtattr_pack(&req.nh, sizeof(req), XFRMA_IF_ID, NULL, 0)) {
^
tools/testing/selftests/net/ipsec.c:230:25: note: Null pointer dereference
memcpy(RTA_DATA(attr), payload, size);
^
Signed-off-by: Liu Ye <liuye@kylinos.cn>
Link: https://patch.msgid.link/20250116013037.29470-1-liuye@kylinos.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'tools/testing')
| -rw-r--r-- | tools/testing/selftests/net/ipsec.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c index be4a30a0d02a..9b44a091802c 100644 --- a/tools/testing/selftests/net/ipsec.c +++ b/tools/testing/selftests/net/ipsec.c @@ -227,7 +227,8 @@ static int rtattr_pack(struct nlmsghdr *nh, size_t req_sz, attr->rta_len = RTA_LENGTH(size); attr->rta_type = rta_type; - memcpy(RTA_DATA(attr), payload, size); + if (payload) + memcpy(RTA_DATA(attr), payload, size); return 0; } |