From bfa850db67e150e8d44093a14ef6a9999c5c9968 Mon Sep 17 00:00:00 2001 From: Oliver Kurth Date: Wed, 29 Aug 2018 13:29:43 -0700 Subject: [PATCH] Fix some bad derefs in primary NIC gathering code. Found by user in https://github.com/vmware/open-vm-tools/issues/272 Debug code tries to access a struct field that may not have been initialized. - Pointer deref'd without a sanity check. --- open-vm-tools/lib/nicInfo/nicInfoPosix.c | 39 +++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/lib/nicInfo/nicInfoPosix.c b/lib/nicInfo/nicInfoPosix.c index 8a063a0..31c1d1a 100644 --- a/lib/nicInfo/nicInfoPosix.c +++ b/lib/nicInfo/nicInfoPosix.c @@ -359,7 +359,7 @@ GuestInfoGetNicInfo(unsigned int maxIPv4Routes, /* Get a handle to read the network interface configuration details. */ if ((intf = intf_open()) == NULL) { - g_debug("Error, failed NULL result from intf_open()\n"); + g_warning("%s: intf_open() failed\n", __FUNCTION__); return FALSE; } @@ -466,7 +466,15 @@ GuestInfoGetPrimaryIP(void) * the first non-loopback, internet interface in the interface list. */ for (curr = ifaces; curr != NULL; curr = curr->ifa_next) { - int currFamily = ((struct sockaddr_storage *)curr->ifa_addr)->ss_family; + int currFamily; + + /* + * Some interfaces ("tun") have no ifa_addr, so ignore them. + */ + if (NULL == curr->ifa_addr) { + continue; + } + currFamily = ((struct sockaddr_storage *)curr->ifa_addr)->ss_family; if (!(curr->ifa_flags & IFF_UP) || curr->ifa_flags & IFF_LOOPBACK) { continue; @@ -500,6 +508,7 @@ GuestInfoGetPrimaryIP(void) } #else + #ifndef NO_DNET char * @@ -508,20 +517,24 @@ GuestInfoGetPrimaryIP(void) GuestInfoIpPriority ipp; intf_t *intf = intf_open(); - if (intf != NULL) { - ipp.ipstr = NULL; - for (ipp.priority = NICINFO_PRIORITY_PRIMARY; - ipp.priority < NICINFO_PRIORITY_MAX; - ipp.priority++){ - intf_loop(intf, GuestInfoGetIntf, &ipp); - if (ipp.ipstr != NULL) { - break; - } + if (NULL == intf) { + g_warning("%s: intf_open() failed\n", __FUNCTION__); + return NULL; + } + + ipp.ipstr = NULL; + for (ipp.priority = NICINFO_PRIORITY_PRIMARY; + ipp.priority < NICINFO_PRIORITY_MAX; + ipp.priority++){ + intf_loop(intf, GuestInfoGetIntf, &ipp); + if (ipp.ipstr != NULL) { + break; } - intf_close(intf); } + intf_close(intf); - g_debug("%s: returning '%s'", __FUNCTION__, ipp.ipstr); + g_debug("%s: returning '%s'", + __FUNCTION__, ipp.ipstr ? ipp.ipstr : ""); return ipp.ipstr; } -- 2.7.4