[ovs-dev] [PATCH] netlink-socket: Fix possibility of nl_transact dereferencing null pointer

Roi Dayan roid at mellanox.com
Tue Jan 31 06:40:08 UTC 2017


Many nl_transact callers and its wrapper tc_transact pass NULL for replyp
which is being accessed in error flow without being checked if null or not.

Signed-off-by: Roi Dayan <roid at mellanox.com>
Reviewed-by: Paul Blakey <paulb at mellanox.com>
---
 lib/netlink-socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/netlink-socket.c b/lib/netlink-socket.c
index 7502764..e45914c 100644
--- a/lib/netlink-socket.c
+++ b/lib/netlink-socket.c
@@ -1698,7 +1698,9 @@ nl_transact(int protocol, const struct ofpbuf *request,
 
     error = nl_pool_alloc(protocol, &sock);
     if (error) {
-        *replyp = NULL;
+        if (replyp) {
+            *replyp = NULL;
+        }
         return error;
     }
 
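Review bot: the new `if (replyp)` guard in the nl_pool_alloc() failure branch makes a NULL replyp a supported argument, but nothing in this hunk records that contract. Please update the function comment for nl_transact() to say that replyp may be NULL and that *replyp is set to NULL on failure only when it is non-NULL, so future error paths are written with the same check. The commit message says callers pass NULL and that the error flow dereferences it, yet the patch touches only this one branch; it would help to state in the message that the other paths in nl_transact() that use replyp were checked and already tolerate NULL, or to extend the guard to them if they do not.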
-- 
2.7.4


