pfkey import_flow() must do the NULL check before doing pointer

arithmetic.
found by kubsan; joint work with tobhe@; OK millert@

diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 61feeb9..c342b50 100644 (file)
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: pfkeyv2_convert.c,v 1.78 2021/12/20 15:59:09 mvs Exp $        */
+/*     $OpenBSD: pfkeyv2_convert.c,v 1.79 2022/01/20 17:13:12 bluhm Exp $      */
 /*
  * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
  *
@@ -432,14 +432,16 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
     struct sadb_protocol *sab, struct sadb_protocol *ftype)
 {
        u_int8_t transproto = 0;
-       union sockaddr_union *src = (union sockaddr_union *)(ssrc + 1);
-       union sockaddr_union *dst = (union sockaddr_union *)(ddst + 1);
-       union sockaddr_union *srcmask = (union sockaddr_union *)(ssrcmask + 1);
-       union sockaddr_union *dstmask = (union sockaddr_union *)(ddstmask + 1);
+       union sockaddr_union *src, *dst, *srcmask, *dstmask;
 
        if (ssrc == NULL)
                return 0; /* There wasn't any information to begin with. */
 
+       src = (union sockaddr_union *)(ssrc + 1);
+       dst = (union sockaddr_union *)(ddst + 1);
+       srcmask = (union sockaddr_union *)(ssrcmask + 1);
+       dstmask = (union sockaddr_union *)(ddstmask + 1);
+
        bzero(flow, sizeof(*flow));
        bzero(flowmask, sizeof(*flowmask));