[lxc-devel] [PATCH] check for data in nla_put() to avoid invalid memcpy() calls
Rafał Miłecki
zajec5 at gmail.com
Sun Jul 29 15:44:06 UTC 2018
From: Rafał Miłecki <rafal at milecki.pl>

It's a valid case to call nla_put() with NULL data and 0 len. It's done
e.g. in the nla_put_attr().

There has to be a check for data in nla_put() as passing NULL to the
memcpy() is not allowed. Even if length is 0, both pointers have to be
valid.

For a reference see C99 standard (7.21.1/2), it says: "pointer arguments
on such a call shall still have valid values".

Reported-by: Daniel Gimpelevich <daniel at gimpelevich.san-francisco.ca.us>
Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
src/lxc/nl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lxc/nl.c b/src/lxc/nl.c
index e1dd8443..dfe71110 100644
--- a/src/lxc/nl.c
+++ b/src/lxc/nl.c
@@ -61,7 +61,8 @@ static int nla_put(struct nlmsg *nlmsg, int attr,
rta = NLMSG_TAIL(nlmsg->nlmsghdr);
rta->rta_type = attr;
rta->rta_len = rtalen;
- memcpy(RTA_DATA(rta), data, len);
+ if (data && len)
+ memcpy(RTA_DATA(rta), data, len);
nlmsg->nlmsghdr->nlmsg_len = tlen;
return 0;
}
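
Review bot: the `if (data && len)` guard in nla_put() also silently accepts NULL data with a non-zero len. In that case the copy is skipped, but `rta->rta_len = rtalen` just above and `nlmsg->nlmsghdr->nlmsg_len = tlen` just below are still applied, so the attribute would be emitted with whatever bytes were already in the message buffer as its payload. The computation of rtalen and tlen is outside this hunk, but if they include len, it would be safer to reject the `!data && len` combination with an error before rta is touched, and then guard the memcpy() on len alone. A one-line comment saying that NULL data with 0 len is the legitimate nla_put_attr() case would also document why the check is there.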
--
2.13.7