[lxc-devel] [PATCH] NULL pointer deference if nlmsg_reserve() returns NULL for ifi

[wim.coekaerts at oracle.com]

From: Wim Coekaerts <wim.coekaerts at oracle.com>

nlmsg_reserve() might return NULL

        if (nlmsg_len + tlen > nlmsg->cap)
                return NULL;

Signed-off-by: Wim Coekaerts <wim.coekaerts at oracle.com>
---
 src/lxc/network.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index a6740f5..731c374 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -274,6 +274,8 @@ int lxc_netdev_delete_by_index(int ifindex)
 	nlmsg->nlmsghdr->nlmsg_type = RTM_DELLINK;
 
 	ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+	if (!ifi)
+		goto out;
 	ifi->ifi_family = AF_UNSPEC;
 	ifi->ifi_index = ifindex;
 
@@ -324,6 +326,8 @@ int lxc_netdev_rename_by_index(int ifindex, const char *newname)
 	nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
 	ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+	if (!ifi)
+		goto out;
 	ifi->ifi_family = AF_UNSPEC;
 	ifi->ifi_index = ifindex;
 
@@ -387,6 +391,8 @@ int netdev_set_flag(const char *name, int flag)
 	nlmsg->nlmsghdr->nlmsg_type = RTM_NEWLINK;
 
 	ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+	if (!ifi)
+		goto out;
 	ifi->ifi_family = AF_UNSPEC;
 	ifi->ifi_index = index;
 	ifi->ifi_change |= IFF_UP;
@@ -437,6 +443,8 @@ int netdev_get_flag(const char* name, int *flag)
 	nlmsg->nlmsghdr->nlmsg_type = RTM_GETLINK;
 
 	ifi = nlmsg_reserve(nlmsg, sizeof(struct ifinfomsg));
+	if (!ifi)
+		goto out;
 	ifi->ifi_family = AF_UNSPEC;
 	ifi->ifi_index = index;
 
-- 
1.7.1