From 0a3d0c610a5f51632cc2c11dd91a838d7c8fff07 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 5 Mar 2021 10:38:49 +0100
Subject: [PATCH] virFirewallApply: Fix possible NULL dereference on error

Commit bbc25f0d03d443efd35381463efc81b01cb6ae96 juggled around some
error reporting. Unfortunately virFirewallApply tries to report the
errno stored in the firewall object and we'd try to do that when the
firewall object is NULL too. Report EINVAL if 'firewall' is NULL.

Found by Coverity.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/util/virfirewall.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index c1b7d2268b..0dc0cecd53 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -766,8 +766,12 @@ virFirewallApply(virFirewallPtr firewall)
         goto cleanup;
     }
     if (!firewall || firewall->err) {
-        virReportSystemError(firewall->err, "%s",
-                             _("Unable to create rule"));
+        int err = EINVAL;
+
+        if (firewall)
+            err = firewall->err;
+
+        virReportSystemError(err, "%s", _("Unable to create rule"));
         goto cleanup;
     }