[nft PATCH] netlink: Avoid crash upon missing NFTNL_OBJ_CT_TIMEOUT_ARRAY attribute

If missing, the memcpy call ends up reading from address zero.

Fixes: c7c94802679cd ("src: add ct timeout support")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
This is a second bug in netlink delinearization exposed by the "Fix for
extra data in delete notifications" kernel patch.
---
 src/netlink.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/netlink.c b/src/netlink.c
index be1fefc068bfd..73fe579a477cf 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1769,9 +1769,10 @@ struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
 		init_list_head(&obj->ct_timeout.timeout_list);
 		obj->ct_timeout.l3proto = nftnl_obj_get_u16(nlo, NFTNL_OBJ_CT_TIMEOUT_L3PROTO);
 		obj->ct_timeout.l4proto = nftnl_obj_get_u8(nlo, NFTNL_OBJ_CT_TIMEOUT_L4PROTO);
-		memcpy(obj->ct_timeout.timeout,
-		       nftnl_obj_get(nlo, NFTNL_OBJ_CT_TIMEOUT_ARRAY),
-		       NFTNL_CTTIMEOUT_ARRAY_MAX * sizeof(uint32_t));
+		if (nftnl_obj_is_set(nlo, NFTNL_OBJ_CT_TIMEOUT_ARRAY))
+			memcpy(obj->ct_timeout.timeout,
+			       nftnl_obj_get(nlo, NFTNL_OBJ_CT_TIMEOUT_ARRAY),
+			       NFTNL_CTTIMEOUT_ARRAY_MAX * sizeof(uint32_t));
 		break;
 	case NFT_OBJECT_LIMIT:
 		obj->limit.rate =
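Review bot: the guard on the `NFTNL_OBJ_CT_TIMEOUT_ARRAY` lookup removes the NULL-pointer memcpy, but in the new else case `obj->ct_timeout.timeout` is left untouched, so it holds whatever the object allocator put there; unless that allocation is known to be zero-initialised, an explicit `memset(obj->ct_timeout.timeout, 0, NFTNL_CTTIMEOUT_ARRAY_MAX * sizeof(uint32_t));` in the unset branch (or a short comment stating the zero-initialisation assumption) would make the "no timeouts supplied" case explicit. It would also help to say in the commit message which path delivers objects without the array (the delete-notification case mentioned below the `---`), since the `nftnl_obj_is_set()` check otherwise reads as defensive code with no known trigger.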
-- 
2.49.0