diff options
| author | Thomas Haller <thaller@redhat.com> | 2023-11-27 21:15:06 +0100 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2023-11-29 16:03:40 +0100 |
| commit | 49c20efaa783449dca424cc50e4ee4b2fc5351cc (patch) | |
| tree | b923fa96560dbad0dce62a58805c344ff1ac44ae | |
| parent | 9e7b5c86ce68eebdd48be6ef93561ff8618b4674 (diff) | |
| download | libnl-49c20efaa783449dca424cc50e4ee4b2fc5351cc.tar.gz | |
xfrm: fix crashes in case of ENOMEM
| -rw-r--r-- | lib/xfrm/ae.c | 11 | ||||
| -rw-r--r-- | lib/xfrm/sa.c | 34 | ||||
| -rw-r--r-- | lib/xfrm/sp.c | 20 |
3 files changed, 51 insertions, 14 deletions
diff --git a/lib/xfrm/ae.c b/lib/xfrm/ae.c index 288ff3d1..6369f32f 100644 --- a/lib/xfrm/ae.c +++ b/lib/xfrm/ae.c @@ -541,11 +541,18 @@ int xfrmnl_ae_parse(struct nlmsghdr *n, struct xfrmnl_ae **result) if (err < 0) goto errout; - ae->sa_id.daddr = _nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr); + if (!(ae->sa_id.daddr = _nl_addr_build(ae_id->sa_id.family, + &ae_id->sa_id.daddr))) { + err = -NLE_NOMEM; + goto errout; + } ae->sa_id.family= ae_id->sa_id.family; ae->sa_id.spi = ntohl(ae_id->sa_id.spi); ae->sa_id.proto = ae_id->sa_id.proto; - ae->saddr = _nl_addr_build(ae_id->sa_id.family, &ae_id->saddr); + if (!(ae->saddr = _nl_addr_build(ae_id->sa_id.family, &ae_id->saddr))) { + err = -NLE_NOMEM; + goto errout; + } ae->reqid = ae_id->reqid; ae->flags = ae_id->flags; ae->ce_mask |= (XFRM_AE_ATTR_DADDR | XFRM_AE_ATTR_FAMILY | XFRM_AE_ATTR_SPI | diff --git a/lib/xfrm/sa.c b/lib/xfrm/sa.c index c0307235..96ee754f 100644 --- a/lib/xfrm/sa.c +++ b/lib/xfrm/sa.c @@ -806,12 +806,18 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) if (err < 0) goto errout; - addr1 = _nl_addr_build(sa_info->sel.family, &sa_info->sel.daddr); + if (!(addr1 = _nl_addr_build(sa_info->sel.family, &sa_info->sel.daddr))) { + err = -NLE_NOMEM; + goto errout; + } nl_addr_set_prefixlen (addr1, sa_info->sel.prefixlen_d); xfrmnl_sel_set_daddr (sa->sel, addr1); xfrmnl_sel_set_prefixlen_d (sa->sel, sa_info->sel.prefixlen_d); - addr2 = _nl_addr_build(sa_info->sel.family, &sa_info->sel.saddr); + if (!(addr2 = _nl_addr_build(sa_info->sel.family, &sa_info->sel.saddr))) { + err = -NLE_NOMEM; + goto errout; + } nl_addr_set_prefixlen (addr2, sa_info->sel.prefixlen_s); xfrmnl_sel_set_saddr (sa->sel, addr2); xfrmnl_sel_set_prefixlen_s (sa->sel, sa_info->sel.prefixlen_s); @@ -826,12 +832,18 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) xfrmnl_sel_set_userid (sa->sel, sa_info->sel.user); sa->ce_mask |= XFRM_SA_ATTR_SEL; - sa->id.daddr = _nl_addr_build(sa_info->family, &sa_info->id.daddr); + if (!(sa->id.daddr = _nl_addr_build(sa_info->family, &sa_info->id.daddr))) { + err = -NLE_NOMEM; + goto errout; + } sa->id.spi = ntohl(sa_info->id.spi); sa->id.proto = sa_info->id.proto; sa->ce_mask |= (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO); - sa->saddr = _nl_addr_build(sa_info->family, &sa_info->saddr); + if (!(sa->saddr = _nl_addr_build(sa_info->family, &sa_info->saddr))) { + err = -NLE_NOMEM; + goto errout; + } sa->ce_mask |= XFRM_SA_ATTR_SADDR; sa->lft->soft_byte_limit = sa_info->lft.soft_byte_limit; @@ -938,8 +950,11 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) sa->encap->encap_type = encap->encap_type; sa->encap->encap_sport = ntohs(encap->encap_sport); sa->encap->encap_dport = ntohs(encap->encap_dport); - sa->encap->encap_oa = - _nl_addr_build(sa_info->family, &encap->encap_oa); + if (!(sa->encap->encap_oa = _nl_addr_build(sa_info->family, + &encap->encap_oa))) { + err = -NLE_NOMEM; + goto errout; + } sa->ce_mask |= XFRM_SA_ATTR_ENCAP; } @@ -949,8 +964,11 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result) } if (tb[XFRMA_COADDR]) { - sa->coaddr = _nl_addr_build(sa_info->family, - nla_data(tb[XFRMA_COADDR])); + if (!(sa->coaddr = _nl_addr_build( + sa_info->family, nla_data(tb[XFRMA_COADDR])))) { + err = -NLE_NOMEM; + goto errout; + } sa->ce_mask |= XFRM_SA_ATTR_COADDR; } diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c index 3b0d0b87..0e17f4ba 100644 --- a/lib/xfrm/sp.c +++ b/lib/xfrm/sp.c @@ -592,12 +592,18 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) goto errout; } - addr1 = _nl_addr_build(sp_info->sel.family, &sp_info->sel.daddr); + if (!(addr1 = _nl_addr_build(sp_info->sel.family, &sp_info->sel.daddr))) { + err = -NLE_NOMEM; + goto errout; + } nl_addr_set_prefixlen (addr1, sp_info->sel.prefixlen_d); xfrmnl_sel_set_daddr (sp->sel, addr1); xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d); - addr2 = _nl_addr_build(sp_info->sel.family, &sp_info->sel.saddr); + if (!(addr2 = _nl_addr_build(sp_info->sel.family, &sp_info->sel.saddr))) { + err = -NLE_NOMEM; + goto errout; + } nl_addr_set_prefixlen (addr2, sp_info->sel.prefixlen_s); xfrmnl_sel_set_saddr (sp->sel, addr2); xfrmnl_sel_set_prefixlen_s (sp->sel, sp_info->sel.prefixlen_s); @@ -673,13 +679,19 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result) goto errout; } - addr1 = _nl_addr_build(tmpl->family, &tmpl->id.daddr); + if (!(addr1 = _nl_addr_build(tmpl->family, &tmpl->id.daddr))) { + err = -NLE_NOMEM; + goto errout; + } xfrmnl_user_tmpl_set_daddr (sputmpl, addr1); xfrmnl_user_tmpl_set_spi (sputmpl, ntohl(tmpl->id.spi)); xfrmnl_user_tmpl_set_proto (sputmpl, tmpl->id.proto); xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family); - addr2 = _nl_addr_build(tmpl->family, &tmpl->saddr); + if (!(addr2 = _nl_addr_build(tmpl->family, &tmpl->saddr))) { + err = -NLE_NOMEM; + goto errout; + } xfrmnl_user_tmpl_set_saddr (sputmpl, addr2); xfrmnl_user_tmpl_set_reqid (sputmpl, tmpl->reqid); |