Potential Null Pointer Dereference

[qingkaishi]

Hi

I found a potential null pointer dereference in the code:

at https://github.com/dugsong/libdnet/blob/master/test/dnet/fw.c#L109

p = strtok(argv[4], ":");  // step 1: it may return null with a malicious input

if (addr_aton(p, &fr->fw_src) < 0) // step 2: pass null to the function addr_aton and dereference the null in the function
	return (-1);

[ofalk]

@qingkaishi Any suggestion on fixing this?
IMHO, this is in the test-suite and the input should be well defined, don't you think?

[qingkaishi]

@qingkaishi Any suggestion on fixing this?
IMHO, this is in the test-suite and the input should be well defined, don't you think?

I think you are right, it is an issue in the test suite and is not serious. But, it is easy to fix by changing the if branch to if (!p || addr_aton(p, &fr->fw_src) < 0).

[ofalk]

Thanks for getting back to me @qingkaishi !
Would you be willing to open a PR for this? Then I can easily merge it in.

[qingkaishi]

Thanks for getting back to me @qingkaishi !
Would you be willing to open a PR for this? Then I can easily merge it in.

Sure, see the pull request #58

[ofalk]

Merged. Closing this.
Thanks again @qingkaishi !