iptables: fix possible NULL pointer access on constructing rule masks

Due to a misplaced parenthesis, rule_mask() may try to access r->target->userspacesize through a r->target NULL pointer. Fix this problem by correcting the parenthesis placement in the memset expression, using the originally intented operator precedence. Spotted in the cz.nic fork of firewall3. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich <jo@mein.io> 2018-03-02 11:36:39 +0100
committer: Jo-Philipp Wich <jo@mein.io> 2018-03-02 11:36:39 +0100
commit: 8ef12cb54dbd37466ab10586591eb84338475c2a (patch)
tree: f91e081fd85cc7b0824c8077697c271e3944fe1f /iptables.c
parent: a3ef503ed515752f7d1809c8c3238c0e4c7ce150 (diff)
download: firewall3-8ef12cb54dbd37466ab10586591eb84338475c2a.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/iptables.c b/iptables.c
index a48a8b6..f8d4d46 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1423,7 +1423,7 @@ rule_mask(struct fw3_ipt_rule *r)
 			p += SZ(ip6t_entry_match) + m->match->size;
 		}
 
-		memset(p, 0xFF, SZ(ip6t_entry_target) + (r->target) ? r->target->userspacesize : 0);
+		memset(p, 0xFF, SZ(ip6t_entry_target) + (r->target ? r->target->userspacesize : 0));
 	}
 	else
 #endif
@@ -1447,7 +1447,7 @@ rule_mask(struct fw3_ipt_rule *r)
 			p += SZ(ipt_entry_match) + m->match->size;
 		}
 
-		memset(p, 0xFF, SZ(ipt_entry_target) + (r->target) ? r->target->userspacesize : 0);
+		memset(p, 0xFF, SZ(ipt_entry_target) + (r->target ? r->target->userspacesize : 0));
 	}
 
 	return mask;
author	Jo-Philipp Wich <jo@mein.io>	2018-03-02 11:36:39 +0100
committer	Jo-Philipp Wich <jo@mein.io>	2018-03-02 11:36:39 +0100
commit	8ef12cb54dbd37466ab10586591eb84338475c2a (patch)
tree	f91e081fd85cc7b0824c8077697c271e3944fe1f /iptables.c
parent	a3ef503ed515752f7d1809c8c3238c0e4c7ce150 (diff)
download	firewall3-8ef12cb54dbd37466ab10586591eb84338475c2a.tar.gz