Blame SOURCES/0010-netlink-Avoid-potential-NULL-pointer-deref-in-netlin.patch

911625
From 55c537734f476d04c18f67083642b96bbead6219 Mon Sep 17 00:00:00 2001
911625
From: Phil Sutter <psutter@redhat.com>
911625
Date: Mon, 27 Jan 2020 16:11:41 +0100
911625
Subject: [PATCH] netlink: Avoid potential NULL-pointer deref in
911625
 netlink_gen_payload_stmt()
911625
911625
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1793030
911625
Upstream Status: nftables commit c9ddf0bff363f
911625
911625
commit c9ddf0bff363fc9101b563b592db600bdf4d65c5
911625
Author: Phil Sutter <phil@nwl.cc>
911625
Date:   Mon Jan 20 16:32:40 2020 +0100
911625
911625
    netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt()
911625
911625
    With payload_needs_l4csum_update_pseudohdr() unconditionally
911625
    dereferencing passed 'desc' parameter and a previous check for it to be
911625
    non-NULL, make sure to call the function only if input is sane.
911625
911625
    Fixes: 68de70f2b3fc6 ("netlink_linearize: fix IPv6 layer 4 checksum mangling")
911625
    Signed-off-by: Phil Sutter <phil@nwl.cc>
911625
    Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
911625
---
911625
 src/netlink_linearize.c | 2 +-
911625
 1 file changed, 1 insertion(+), 1 deletion(-)
911625
911625
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
911625
index 498326d..cb1b7fe 100644
911625
--- a/src/netlink_linearize.c
911625
+++ b/src/netlink_linearize.c
911625
@@ -941,7 +941,7 @@ static void netlink_gen_payload_stmt(struct netlink_linearize_ctx *ctx,
911625
 		nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_CSUM_OFFSET,
911625
 				   csum_off / BITS_PER_BYTE);
911625
 	}
911625
-	if (expr->payload.base == PROTO_BASE_NETWORK_HDR &&
911625
+	if (expr->payload.base == PROTO_BASE_NETWORK_HDR && desc &&
911625
 	    payload_needs_l4csum_update_pseudohdr(expr, desc))
911625
 		nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_FLAGS,
911625
 				   NFT_PAYLOAD_L4CSUM_PSEUDOHDR);
911625
-- 
911625
1.8.3.1
911625