From 87b3ea5c8596ca946f37df9129d0f87d87b6ea1a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rafa=C5=82=20Mi=C5=82ecki?=
Date: Sun, 29 Jul 2018 21:08:05 +0200
Subject: [PATCH] lxc: nl: avoid NULL pointer dereference
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This backports upstream fix from the master branch.

Signed-off-by: Rafał Miłecki
(cherry picked from commit 13d57a5e9f1996109416724ba145a33e07248fb6)
(cherry picked from commit 6e1104cc6da900bb5a014217fa79d964246f7a40)
---
 utils/lxc/Makefile | 2 +-
 ...01-nl-avoid-NULL-pointer-dereference.patch | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 utils/lxc/patches/001-nl-avoid-NULL-pointer-dereference.patch

diff --git a/utils/lxc/Makefile b/utils/lxc/Makefile
index 288d5039cf..8f0798c675 100644
--- a/utils/lxc/Makefile
+++ b/utils/lxc/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=lxc
 PKG_VERSION:=2.1.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=LGPL-2.1+ BSD-2-Clause GPL-2.0
 PKG_MAINTAINER:=Marko Ratkaj
diff --git a/utils/lxc/patches/001-nl-avoid-NULL-pointer-dereference.patch b/utils/lxc/patches/001-nl-avoid-NULL-pointer-dereference.patch
new file mode 100644
index 0000000000..4c402a0604
--- /dev/null
+++ b/utils/lxc/patches/001-nl-avoid-NULL-pointer-dereference.patch
@@ -0,0 +1,37 @@
+From c8f05589644d6b719e5a2c7fc548604f248be9be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?=
+Date: Sun, 29 Jul 2018 17:44:06 +0200
+Subject: [PATCH] nl: avoid NULL pointer dereference
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It's a valid case to call nla_put() with NULL data and 0 len. It's done e.g. in
+the nla_put_attr().
+
+There has to be a check for data in nla_put() as passing NULL to the memcpy()
+is not allowed. Even if length is 0, both pointers have to be valid.
+
+For a reference see C99 standard (7.21.1/2), it says: "pointer arguments on
+such a call shall still have valid values".
+
+Reported-by: Daniel Gimpelevich
+Signed-off-by: Rafał Miłecki
+[christian.brauner@ubuntu.com: adapted commit message]
+Signed-off-by: Christian Brauner
+---
+ src/lxc/nl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/src/lxc/nl.c
++++ b/src/lxc/nl.c
+@@ -61,7 +61,8 @@ static int nla_put(struct nlmsg *nlmsg,
+ rta = NLMSG_TAIL(nlmsg->nlmsghdr);
+ rta->rta_type = attr;
+ rta->rta_len = rtalen;
+- memcpy(RTA_DATA(rta), data, len);
++ if (data && len)
++ memcpy(RTA_DATA(rta), data, len);
+ nlmsg->nlmsghdr->nlmsg_len = tlen;
+ return 0;
+ }
--
2.30.2
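Review bot: With the new `if (data && len)` guard in nla_put(), a call with `data == NULL` and a non-zero `len` skips the copy silently but still runs `rta->rta_len = rtalen` and sets `nlmsg_len = tlen`. The attribute then advertises `len` payload bytes that were never written, presumably sending whatever the message buffer already held in their place. The commit message describes only the NULL/0 combination as valid, so the mismatched case is better rejected than accepted, e.g. `if (!data && len) return -EINVAL;` ahead of the `rta` assignments. The start of nla_put() lies outside this hunk, so an earlier check may already cover this. A one-line comment above the guard, such as `/* memcpy() requires valid pointers even when len is 0 (C99 7.21.1/2) */`, would also keep the reason next to the code.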