From bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d Mon Sep 17 00:00:00 2001 From: Lutz Donnerhacke Date: Fri, 30 Apr 2021 16:12:47 +0200 Subject: [PATCH] sbin/ipfw: Fix null pointer deference when printing counters ipfw -[tT] prints statistics of the last access. If the rule was never used, the counter might be not exist. This happens unconditionally on inserting a new rule. Avoid printing statistics in this case. PR: 255491 Reported by: Haisheng Zhouz Reviewed by: ae MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30046 --- sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 19f7f331091d..c17fbbca7dfa 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -2174,32 +2174,35 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo, } bprintf(bp, "%05u ", rule->rulenum); - /* Print counters if enabled */ - if (fo->pcwidth > 0 || fo->bcwidth > 0) { - pr_u64(bp, &cntr->pcnt, fo->pcwidth); - pr_u64(bp, &cntr->bcnt, fo->bcwidth); - } - - /* Print timestamp */ - if (co->do_time == TIMESTAMP_NUMERIC) - bprintf(bp, "%10u ", cntr->timestamp); - else if (co->do_time == TIMESTAMP_STRING) { - char timestr[30]; - time_t t = (time_t)0; - - if (twidth == 0) { - strcpy(timestr, ctime(&t)); - *strchr(timestr, '\n') = '\0'; - twidth = strlen(timestr); + /* only if counters are available */ + if (cntr != NULL) { + /* Print counters if enabled */ + if (fo->pcwidth > 0 || fo->bcwidth > 0) { + pr_u64(bp, &cntr->pcnt, fo->pcwidth); + pr_u64(bp, &cntr->bcnt, fo->bcwidth); } - if (cntr->timestamp > 0) { - t = _long_to_time(cntr->timestamp); - strcpy(timestr, ctime(&t)); - *strchr(timestr, '\n') = '\0'; - bprintf(bp, "%s ", timestr); - } else { - bprintf(bp, "%*s ", twidth, ""); + /* Print timestamp */ + if (co->do_time == TIMESTAMP_NUMERIC) + bprintf(bp, "%10u ", cntr->timestamp); + else if (co->do_time == TIMESTAMP_STRING) { + char timestr[30]; + time_t t = (time_t)0; + + if (twidth == 0) { + strcpy(timestr, ctime(&t)); + *strchr(timestr, '\n') = '\0'; + twidth = strlen(timestr); + } + if (cntr->timestamp > 0) { + t = _long_to_time(cntr->timestamp); + + strcpy(timestr, ctime(&t)); + *strchr(timestr, '\n') = '\0'; + bprintf(bp, "%s ", timestr); + } else { + bprintf(bp, "%*s ", twidth, ""); + } } }