[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+uiC5ax7p3sn+F6cFYUvLnUHH2_4LauOCNtyGCZZZr7NNY2Kw@mail.gmail.com>
Date: Mon, 24 Mar 2025 16:26:48 +0800
From: Ziao Li <leeziao0331@...il.com>
To: netdev@...r.kernel.org
Subject: [PATCH iproute2] nstat: Fix NULL Pointer Dereference
The vulnerability happens in load_ugly_table(), misc/nstat.c, in the
latest version of iproute2.
The vulnerability can be triggered by:
1. db is set to NULL at struct nstat_ent *db = NULL;
2. n is set to NULL at n = db;
3. NULL dereference of variable n happens at sscanf(p+1, "%llu", &n->val) != 1
Subject: [PATCH] Fix Null Dereference when no entries are specified
Signed-off-by: Ziao Li <leeziao0331@...il.com>
---
misc/nstat.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/misc/nstat.c b/misc/nstat.c
index fce3e9c1..b2e19bde 100644
--- a/misc/nstat.c
+++ b/misc/nstat.c
@@ -218,6 +218,10 @@ static void load_ugly_table(FILE *fp)
p = next;
}
n = db;
+ if (n == NULL) {
+ fprintf(stderr, "Error: Invalid input – line has ':' but
no entries. Add values after ':'.\n");
+ exit(-2);
+ }
nread = getline(&buf, &buflen, fp);
if (nread == -1) {
fprintf(stderr, "%s:%d: error parsing history file\n",
--
2.34.1
Powered by blists - more mailing lists