1. Patchew
  2. linux
  3. View series

[PATCH net V2] selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()

Liu Ye posted 1 patch 11 months ago
There is a newer version of this series
tools/testing/selftests/net/ipsec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
[PATCH net V2] selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
Posted by Liu Ye 11 months ago 
From: liuye <liuye@kylinos.cn>

From: Liu Ye <liuye@kylinos.cn>

Address Null pointer dereference in rtattr_pack.

Flagged by cppcheck as:
    tools/testing/selftests/net/ipsec.c:230:25: warning: Possible null pointer
    dereference: payload [nullPointer]
    memcpy(RTA_DATA(attr), payload, size);
                           ^
    tools/testing/selftests/net/ipsec.c:1618:54: note: Calling function 'rtattr_pack',
    4th argument 'NULL' value is 0
    if (rtattr_pack(&req.nh, sizeof(req), XFRMA_IF_ID, NULL, 0)) {
                                                       ^
    tools/testing/selftests/net/ipsec.c:230:25: note: Null pointer dereference
    memcpy(RTA_DATA(attr), payload, size);
                           ^
Fixes: 70bfdf62e93a ("selftests/net/ipsec: Add test for xfrm_spdattr_type_t")
---
V2: Modify description.
    Add code checking tools.
    Separating family and given name in Signed-off-by line.
    Modify code format.
    Add fixes.
---

Signed-off-by: Liu Ye <liuye@kylinos.cn>
---
 tools/testing/selftests/net/ipsec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
index be4a30a0d02a..9b44a091802c 100644
--- a/tools/testing/selftests/net/ipsec.c
+++ b/tools/testing/selftests/net/ipsec.c
@@ -227,7 +227,8 @@ static int rtattr_pack(struct nlmsghdr *nh, size_t req_sz,
 
 	attr->rta_len = RTA_LENGTH(size);
 	attr->rta_type = rta_type;
-	memcpy(RTA_DATA(attr), payload, size);
+	if (payload)
+		memcpy(RTA_DATA(attr), payload, size);
 
 	return 0;
 }
-- 
2.25.1
Re: [PATCH net V2] selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
Posted by Jakub Kicinski 11 months ago 
On Wed, 15 Jan 2025 11:13:22 +0800 Liu Ye wrote:
> From: liuye <liuye@kylinos.cn>
> 
> From: Liu Ye <liuye@kylinos.cn>

too many From lines.

> Address Null pointer dereference in rtattr_pack.

I think size is 0 in the bad case, so it's more of an undefinied
behavior.

> Flagged by cppcheck as:
>     tools/testing/selftests/net/ipsec.c:230:25: warning: Possible null pointer
>     dereference: payload [nullPointer]
>     memcpy(RTA_DATA(attr), payload, size);
>                            ^
>     tools/testing/selftests/net/ipsec.c:1618:54: note: Calling function 'rtattr_pack',
>     4th argument 'NULL' value is 0
>     if (rtattr_pack(&req.nh, sizeof(req), XFRMA_IF_ID, NULL, 0)) {
>                                                        ^
>     tools/testing/selftests/net/ipsec.c:230:25: note: Null pointer dereference
>     memcpy(RTA_DATA(attr), payload, size);
>                            ^
> Fixes: 70bfdf62e93a ("selftests/net/ipsec: Add test for xfrm_spdattr_type_t")

Your Sign-off needs to be right after fixes.

> ---
> V2: Modify description.
>     Add code checking tools.
>     Separating family and given name in Signed-off-by line.
>     Modify code format.
>     Add fixes.
> ---

Please post v3 as a new thread (not in reply to).
-- 
pw-bot: cr

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.