From 8f24f6eed8d905fb6b64d003ae3f4f1e657301aa Mon Sep 17 00:00:00 2001

From: Phil Sutter <psutter@redhat.com>

Date: Fri, 6 Dec 2019 17:31:16 +0100

Subject: [PATCH] flowtable: Correctly check realloc() call

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952

Upstream Status: libnftnl commit 835d645f40525

commit 835d645f4052551c5c1829c37a07c882f2260f65

Author: Phil Sutter <phil@nwl.cc>

Date:   Mon Dec 2 23:08:07 2019 +0100

    flowtable: Correctly check realloc() call

    If realloc() fails, it returns NULL but the original pointer is

    untouchted and therefore still has to be freed. Unconditionally

    overwriting the old pointer is therefore a bad idea, use a temporary

    variable instead.

    Fixes: 7f99639dd9217 ("flowtable: device array dynamic allocation")

    Signed-off-by: Phil Sutter <phil@nwl.cc>

    Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

---

 src/flowtable.c | 11 +++++------

 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/flowtable.c b/src/flowtable.c

index db31943..9ba3b6d 100644

--- a/src/flowtable.c

+++ b/src/flowtable.c

@@ -388,7 +388,7 @@ static int nftnl_flowtable_parse_hook_cb(const struct nlattr *attr, void *data)

 static int nftnl_flowtable_parse_devs(struct nlattr *nest,

 				      struct nftnl_flowtable *c)

 {

-	const char **dev_array;

+	const char **dev_array, **tmp;

 	int len = 0, size = 8;

 	struct nlattr *attr;

@@ -401,14 +401,13 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest,

 			goto err;

 		dev_array[len++] = strdup(mnl_attr_get_str(attr));

 		if (len >= size) {

-			dev_array = realloc(dev_array,

-					    size * 2 * sizeof(char *));

-			if (!dev_array)

+			tmp = realloc(dev_array, size * 2 * sizeof(char *));

+			if (!tmp)

 				goto err;

 			size *= 2;

-			memset(&dev_array[len], 0,

-			       (size - len) * sizeof(char *));

+			memset(&tmp[len], 0, (size - len) * sizeof(char *));

+			dev_array = tmp;

 		}

 	}

-- 

1.8.3.1