From c7fdf3070af46315c614d8bcb4ba21c486fab8a8 Mon Sep 17 00:00:00 2001
From: bluhm
Date: Thu, 20 Jan 2022 17:13:12 +0000
Subject: [PATCH] pfkey import_flow() must do the NULL check before doing pointer arithmetic. found by kubsan; joint work with tobhe@; OK millert@
---
 sys/net/pfkeyv2_convert.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 61feeb9e4b3..c342b50ac1a 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_convert.c,v 1.78 2021/12/20 15:59:09 mvs Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.79 2022/01/20 17:13:12 bluhm Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
 *
@@ -432,14 +432,16 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 struct sadb_protocol *sab, struct sadb_protocol *ftype)
 {
 u_int8_t transproto = 0;
- union sockaddr_union *src = (union sockaddr_union *)(ssrc + 1);
- union sockaddr_union *dst = (union sockaddr_union *)(ddst + 1);
- union sockaddr_union *srcmask = (union sockaddr_union *)(ssrcmask + 1);
- union sockaddr_union *dstmask = (union sockaddr_union *)(ddstmask + 1);
+ union sockaddr_union *src, *dst, *srcmask, *dstmask;
 
 if (ssrc == NULL)
 return 0; /* There wasn't any information to begin with. */
 
+ src = (union sockaddr_union *)(ssrc + 1);
+ dst = (union sockaddr_union *)(ddst + 1);
+ srcmask = (union sockaddr_union *)(ssrcmask + 1);
+ dstmask = (union sockaddr_union *)(ddstmask + 1);
+
 bzero(flow, sizeof(*flow));
 bzero(flowmask, sizeof(*flowmask));
 
-- 
2.20.1
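Review bot: The relocated assignments in the import_flow() hunk still compute `ddst + 1`, `ssrcmask + 1` and `ddstmask + 1` with only `ssrc` compared against NULL, so the NULL pointer arithmetic this commit removes for `ssrc` can recur for the other three if a message supplies a source flow without its companions. Whether the PF_KEY message validation guarantees that all four flow extensions arrive together is not visible here, since the parameter list and the rest of the body lie outside the hunk. If that guarantee exists, record it above the check with a comment such as `/* message validation ensures ssrcmask, ddst and ddstmask are set whenever ssrc is */`. If it does not, reject the incomplete set before the arithmetic, e.g. `if (ddst == NULL || ssrcmask == NULL || ddstmask == NULL) return EINVAL;`, assuming the function reports errors as errno values.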