nwfilter_ebiptables_driver.c: avoid NULL dereference
* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules): Don't dereference a NULL or uninitialized pointer when given an empty list of rules. Add an sa_assert(inst) in each loop to tell clang that the uses of "inst[i]" are valid.
parent
53896e5f44
commit
b6719eab9e
@ -2834,11 +2834,11 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
bool haveIptables = false;
|
bool haveIptables = false;
|
||||||
bool haveIp6tables = false;
|
bool haveIp6tables = false;
|
||||||
|
|
||||||
if (inst)
|
if (nruleInstances > 1 && inst)
|
||||||
qsort(inst, nruleInstances, sizeof(inst[0]),
|
qsort(inst, nruleInstances, sizeof(inst[0]), ebiptablesRuleOrderSort);
|
||||||
ebiptablesRuleOrderSort);
|
|
||||||
|
|
||||||
for (i = 0; i < nruleInstances; i++) {
|
for (i = 0; i < nruleInstances; i++) {
|
||||||
|
sa_assert (inst);
|
||||||
if (inst[i]->ruleType == RT_EBTABLES) {
|
if (inst[i]->ruleType == RT_EBTABLES) {
|
||||||
if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP)
|
if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP)
|
||||||
chains_in |= (1 << inst[i]->neededProtocolChain);
|
chains_in |= (1 << inst[i]->neededProtocolChain);
|
||||||
@ -2881,6 +2881,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
goto tear_down_tmpebchains;
|
goto tear_down_tmpebchains;
|
||||||
|
|
||||||
for (i = 0; i < nruleInstances; i++)
|
for (i = 0; i < nruleInstances; i++)
|
||||||
|
sa_assert (inst);
|
||||||
switch (inst[i]->ruleType) {
|
switch (inst[i]->ruleType) {
|
||||||
case RT_EBTABLES:
|
case RT_EBTABLES:
|
||||||
ebiptablesInstCommand(&buf,
|
ebiptablesInstCommand(&buf,
|
||||||
@ -2918,6 +2919,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
goto tear_down_tmpiptchains;
|
goto tear_down_tmpiptchains;
|
||||||
|
|
||||||
for (i = 0; i < nruleInstances; i++) {
|
for (i = 0; i < nruleInstances; i++) {
|
||||||
|
sa_assert (inst);
|
||||||
if (inst[i]->ruleType == RT_IPTABLES)
|
if (inst[i]->ruleType == RT_IPTABLES)
|
||||||
iptablesInstCommand(&buf,
|
iptablesInstCommand(&buf,
|
||||||
inst[i]->commandTemplate,
|
inst[i]->commandTemplate,
|
||||||
|
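Review bot: In the second hunk (`@ -2881,6 +2881,7`), the added `sa_assert (inst);` sits directly under `for (i = 0; i < nruleInstances; i++)`, which as shown has no opening brace, so the assertion (or the empty statement left when the macro expands to nothing) becomes the entire loop body. The `switch (inst[i]->ruleType)` then executes once after the loop with `i == nruleInstances`, which reads past the end of `inst` and means `ebiptablesInstCommand` is no longer called per rule. Change the loop header to `for (i = 0; i < nruleInstances; i++) {` and add the matching `}` after the switch, whose end lies outside the hunk; the loops in the other two hunks already have braces. Separately, `sa_assert` appears to be a hint for the static analyzer only (its definition is not on this page), so a NULL `inst` with a non-zero `nruleInstances` would still be dereferenced at run time unless the function rejects that combination explicitly.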