netfront.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Commit 4821876fcd2ff ("mini-os: netfront: fix suspend/resume handling")
introduced a NULL pointer dereference in the initialization of netfront
in the case of no IP address being set in Xenstore.
Fix that by testing this condition. At the same time fix a long
standing bug for the same condition if someone used init_netfront()
with a non-NULL ip parameter.
Fixes: 4821876fcd2ff ("mini-os: netfront: fix suspend/resume handling")
Signed-off-by: Juergen Gross <jgross@suse.com>
---
netfront.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/netfront.c b/netfront.c
index f927e99..dfe065b 100644
--- a/netfront.c
+++ b/netfront.c
@@ -365,7 +365,7 @@ out:
rawmac[5] = dev->rawmac[5];
}
if (ip)
- *ip = strdup(dev->ip);
+ *ip = dev->ip ? strdup(dev->ip) : NULL;
err:
return dev;
@@ -527,7 +527,7 @@ done:
snprintf(path, sizeof(path), "%s/ip", dev->backend);
xenbus_read(XBT_NIL, path, &dev->ip);
- p = strchr(dev->ip, ' ');
+ p = dev->ip ? strchr(dev->ip, ' ') : NULL;
if (p) {
*p++ = '\0';
dev->mask = p;
--
2.26.2
Juergen Gross, le jeu. 19 août 2021 07:30:56 +0200, a ecrit: > Commit 4821876fcd2ff ("mini-os: netfront: fix suspend/resume handling") > introduced a NULL pointer dereference in the initialization of netfront > in the case of no IP address being set in Xenstore. > > Fix that by testing this condition. At the same time fix a long > standing bug for the same condition if someone used init_netfront() > with a non-NULL ip parameter. > > Fixes: 4821876fcd2ff ("mini-os: netfront: fix suspend/resume handling") > Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> > --- > netfront.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/netfront.c b/netfront.c > index f927e99..dfe065b 100644 > --- a/netfront.c > +++ b/netfront.c > @@ -365,7 +365,7 @@ out: > rawmac[5] = dev->rawmac[5]; > } > if (ip) > - *ip = strdup(dev->ip); > + *ip = dev->ip ? strdup(dev->ip) : NULL; > > err: > return dev; > @@ -527,7 +527,7 @@ done: > snprintf(path, sizeof(path), "%s/ip", dev->backend); > xenbus_read(XBT_NIL, path, &dev->ip); > > - p = strchr(dev->ip, ' '); > + p = dev->ip ? strchr(dev->ip, ' ') : NULL; > if (p) { > *p++ = '\0'; > dev->mask = p; > -- > 2.26.2
© 2016 - 2024 Red Hat, Inc.