From 968db56ae1744959d83974e78fda321ba5330232 Mon Sep 17 00:00:00 2001
From: Mark Kavanagh <mark.b.kavanagh@intel.com>
Date: Mon, 19 Feb 2018 15:23:46 +0000
Subject: [PATCH 1/1] ovs_stats: fix potential NULL dereference

ovs_stats_update_iface() passes a pointer to a potentially-NULL
string to sstrncpy(); this is obviously problematic.

Add a check to ensure that the relevant string is non-NULL.

Fixes: 1cc7599 ("ovs_stats plugin: Fix null dereference of "port".)
Signed-off-by: Mark Kavanagh <mark.b.kavanagh@intel.com>
---
 src/ovs_stats.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/ovs_stats.c b/src/ovs_stats.c
index 358d10e5..b42bef7d 100644
--- a/src/ovs_stats.c
+++ b/src/ovs_stats.c
@@ -632,10 +632,15 @@ static int ovs_stats_update_iface(yajl_val iface) {
     ovs_stats_update_iface_ext_ids(port,
                                    YAJL_GET_ARRAY(iface_ext_ids)->values[1]);
   if (iface_uuid && YAJL_IS_ARRAY(iface_uuid) &&
-      YAJL_GET_ARRAY(iface_uuid)->len == 2)
+      YAJL_GET_ARRAY(iface_uuid)->len == 2 &&
+      YAJL_GET_STRING(YAJL_GET_ARRAY(iface_uuid)->values[1]) != NULL)
     sstrncpy(port->iface_uuid,
              YAJL_GET_STRING(YAJL_GET_ARRAY(iface_uuid)->values[1]),
              sizeof(port->iface_uuid));
+  else {
+    ERROR("ovs_stats plugin: incorrect JSON interface data");
+    return -1;
+  }
 
   return 0;
 }
-- 
2.11.0