diff mbox series

[iproute2] nstat: Fix NULL Pointer Dereference

Message ID CA+uiC5ax7p3sn+F6cFYUvLnUHH2_4LauOCNtyGCZZZr7NNY2Kw@mail.gmail.com (mailing list archive)
State New
Delegated to: Stephen Hemminger
Headers show
Series [iproute2] nstat: Fix NULL Pointer Dereference | expand

Checks

Context Check Description
netdev/tree_selection success Not a local patch

Commit Message

Ziao Li March 24, 2025, 8:26 a.m. UTC 
The vulnerability happens in load_ugly_table(), misc/nstat.c, in the
latest version of iproute2.
The vulnerability can be triggered by:
1. db is set to NULL at struct nstat_ent *db = NULL;
2. n is set to NULL at n = db;
3. NULL dereference of variable n happens at sscanf(p+1, "%llu", &n->val) != 1

Subject: [PATCH] Fix Null Dereference when no entries are specified
Signed-off-by: Ziao Li <leeziao0331@gmail.com>
---
 misc/nstat.c | 4 ++++
 1 file changed, 4 insertions(+)

            fprintf(stderr, "%s:%d: error parsing history file\n",
diff mbox series

Patch

diff --git a/misc/nstat.c b/misc/nstat.c
index fce3e9c1..b2e19bde 100644
--- a/misc/nstat.c
+++ b/misc/nstat.c
@@ -218,6 +218,10 @@  static void load_ugly_table(FILE *fp)
            p = next;
        }
        n = db;
+       if (n == NULL) {
+           fprintf(stderr, "Error: Invalid input – line has ':' but
no entries. Add values after ':'.\n");
+           exit(-2);
+       }
        nread = getline(&buf, &buflen, fp);
        if (nread == -1) {