From c0a6e6fd15f74c429a0b74e0dfd4de5a29aabebd Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@paul-moore.com>
Date: Tue, 16 Jun 2020 19:17:40 -0400
Subject: bpf: don't return a bogus pointer when gen_bpf_generate() fails

In the case where gen_bpf_generate() fails due to a
_gen_bpf_build_bpf() failure we were returning a pointer to a BPF
program block which we had already freed - oops.  Thankfully the
fix is trivial.

Special thanks to Tudor Brindus for not only reporting the problem
but providing a very detailed root cause analysis.

Reported-by: Tudor Brindus <me@tbrindus.ca>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 src/gen_bpf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/gen_bpf.c b/src/gen_bpf.c
index 1b559b0..4e38c3c 100644
--- a/src/gen_bpf.c
+++ b/src/gen_bpf.c
@@ -1968,6 +1968,8 @@ struct bpf_program *gen_bpf_generate(const struct db_filter_col *col)
 	rc = _gen_bpf_build_bpf(&state, col);
 	if (rc == 0)
 		state.bpf = NULL;
+	else
+		prgm = NULL;
 	_state_release(&state);
 
 	return prgm;
-- 
cgit v1.2.1