Blame SOURCES/0005-chain-Correctly-check-realloc-call.patch

763a55
From 2facd747b6bbcd3716841e6213b7b9e9b94c556a Mon Sep 17 00:00:00 2001
763a55
From: Phil Sutter <psutter@redhat.com>
763a55
Date: Fri, 6 Dec 2019 17:31:16 +0100
763a55
Subject: [PATCH] chain: Correctly check realloc() call
763a55
763a55
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1778952
763a55
Upstream Status: libnftnl commit d95a703746d53
763a55
763a55
commit d95a703746d5394d56a9f464e343594e4882da0d
763a55
Author: Phil Sutter <phil@nwl.cc>
763a55
Date:   Mon Dec 2 23:12:34 2019 +0100
763a55
763a55
    chain: Correctly check realloc() call
763a55
763a55
    If realloc() fails, it returns NULL but the original pointer is
763a55
    untouchted and therefore still has to be freed. Unconditionally
763a55
    overwriting the old pointer is therefore a bad idea, use a temporary
763a55
    variable instead.
763a55
763a55
    Fixes: e3ac19b5ec162 ("chain: multi-device support")
763a55
    Signed-off-by: Phil Sutter <phil@nwl.cc>
763a55
    Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
763a55
---
763a55
 src/chain.c | 11 +++++------
763a55
 1 file changed, 5 insertions(+), 6 deletions(-)
763a55
763a55
diff --git a/src/chain.c b/src/chain.c
763a55
index 9cc8735..b9a16fc 100644
763a55
--- a/src/chain.c
763a55
+++ b/src/chain.c
763a55
@@ -605,7 +605,7 @@ static int nftnl_chain_parse_hook_cb(const struct nlattr *attr, void *data)
763a55
 
763a55
 static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
763a55
 {
763a55
-	const char **dev_array;
763a55
+	const char **dev_array, **tmp;
763a55
 	int len = 0, size = 8;
763a55
 	struct nlattr *attr;
763a55
 
763a55
@@ -618,14 +618,13 @@ static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c)
763a55
 			goto err;
763a55
 		dev_array[len++] = strdup(mnl_attr_get_str(attr));
763a55
 		if (len >= size) {
763a55
-			dev_array = realloc(dev_array,
763a55
-					    size * 2 * sizeof(char *));
763a55
-			if (!dev_array)
763a55
+			tmp = realloc(dev_array, size * 2 * sizeof(char *));
763a55
+			if (!tmp)
763a55
 				goto err;
763a55
 
763a55
 			size *= 2;
763a55
-			memset(&dev_array[len], 0,
763a55
-			       (size - len) * sizeof(char *));
763a55
+			memset(&tmp[len], 0, (size - len) * sizeof(char *));
763a55
+			dev_array = tmp;
763a55
 		}
763a55
 	}
763a55
 
763a55
-- 
763a55
1.8.3.1
763a55