pfkey import_flow() must do the NULL check before doing pointer

arithmetic.
found by kubsan; joint work with tobhe@; OK millert@

1 files changed, 7 insertions, 5 deletions

diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 61feeb9e4b3..c342b50ac1a 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkeyv2_convert.c,v 1.78 2021/12/20 15:59:09 mvs Exp $	*/
+/*	$OpenBSD: pfkeyv2_convert.c,v 1.79 2022/01/20 17:13:12 bluhm Exp $	*/
 /*
  * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
  *
@@ -432,14 +432,16 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
     struct sadb_protocol *sab, struct sadb_protocol *ftype)
 {
 	u_int8_t transproto = 0;
-	union sockaddr_union *src = (union sockaddr_union *)(ssrc + 1);
-	union sockaddr_union *dst = (union sockaddr_union *)(ddst + 1);
-	union sockaddr_union *srcmask = (union sockaddr_union *)(ssrcmask + 1);
-	union sockaddr_union *dstmask = (union sockaddr_union *)(ddstmask + 1);
+	union sockaddr_union *src, *dst, *srcmask, *dstmask;
 
 	if (ssrc == NULL)
 		return 0; /* There wasn't any information to begin with. */
 
+	src = (union sockaddr_union *)(ssrc + 1);
+	dst = (union sockaddr_union *)(ddst + 1);
+	srcmask = (union sockaddr_union *)(ssrcmask + 1);
+	dstmask = (union sockaddr_union *)(ddstmask + 1);
+
 	bzero(flow, sizeof(*flow));
 	bzero(flowmask, sizeof(*flowmask));