ubus: handle attribute access after NULL check in parse_subnets()
diff --git a/ubus.c b/ubus.c
index 581f51c..0d83e0f 100644 (file)
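--- a/ubus.c
+++ b/ubus.c
@@ -114,7 +114,9 @@ parse_subnets(struct list_head *head, enum fw3_family family,
        if (!list)
                return;
 
-       blob_for_each_attr(cur, list, rem)
+       rem = blobmsg_data_len(list);
+
+       __blob_for_each_attr(cur, blobmsg_data(list), rem)
        {
                addr = parse_subnet(family, blobmsg_data(cur), blobmsg_data_len(cur));
 
@@ -140,18 +142,13 @@ fw3_ubus_device(const char *net)
        struct fw3_device *dev = NULL;
        struct blob_attr *tb[__DEV_MAX];
        struct blob_attr *cur;
+       char *name = NULL;
        int rem;
 
        if (!net || !interfaces)
                return NULL;
 
-       dev = calloc(1, sizeof(*dev));
-       if (!dev)
-               return NULL;
-
        blobmsg_for_each_attr(cur, interfaces, rem) {
-               char *name;
-
                blobmsg_parse(policy, __DEV_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
                if (!tb[DEV_INTERFACE] ||
                    strcmp(blobmsg_data(tb[DEV_INTERFACE]), net) != 0)
@@ -164,12 +161,21 @@ fw3_ubus_device(const char *net)
                else
                        continue;
 
-               snprintf(dev->name, sizeof(dev->name), "%s", name);
-               dev->set = !!dev->name[0];
-               return dev;
+               break;
        }
 
-       return NULL;
+       if (!name)
+               return NULL;
+
+       dev = calloc(1, sizeof(*dev));
+
+       if (!dev)
+               return NULL;
+
+       snprintf(dev->name, sizeof(dev->name), "%s", name);
+       dev->set = true;
+
+       return dev;
 }
 
 void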
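Review bot: The guard `if (!name)` after the loop in fw3_ubus_device() rejects only a NULL pointer, whereas the removed code derived the flag from `!!dev->name[0]`; with `dev->set = true`, a matching interface whose device string is empty is now returned marked as set with an empty name. How callers treat an empty name is not visible here, but for a firewall an empty interface match is worth ruling out explicitly, e.g. `if (!name || !*name) return NULL;`. The lines that assign `name` sit between the hunks and the function begins above this one, so it should also be confirmed against `policy` that the attribute is validated as a string before `snprintf()` reads it.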