espressif/esp-lwip

Calling ip_napt_enable with 0.0.0.0 or an address that doesn't match an existing interface results in a NULL free (IDFGH-12823)

Opened this issue · 0 comments

Issue

If the ip_napt_table pointer hasn't been initialized previously, calling ip_napt_enable with 0.0.0.0 or an address that doesn't match an existing interface results in ip_napt_deinit being called which subsequently tries to free the ip_napt_table pointer (which defaults to NULL).

Because ip_napt_enable has no return, when the caller passes the enable flag, they don't know if the operation succeeded and would then require the function to be called again with the disable flag to clean it up.

Proposed solutions

  • As is done in ip_napt_init, the ip_napt_table pointer should be checked that it is not NULL before attempting to free it.
  • Make ip_napt_enable return a return code/boolean so the caller knows if the address argument matched one of the interfaces. This would also have the added benefit of the caller knowing they don't have to disable napt for the interface if it failed to enable it in the first place.
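The following is an added C model of the lifecycle described above, written to illustrate the two proposed fixes; it is not esp-lwip code. The names `napt_table`, `pool_free`, `netif_addrs`, `napt_deinit_*` and `napt_enable_checked` are hypothetical stand-ins for `ip_napt_table`, the pool free routine, the interface list and `ip_napt_deinit`/`ip_napt_enable`, and `pool_free` is modelled as a free that must not be handed NULL.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model of the NAPT table lifecycle from the issue; not esp-lwip's code. */
#define NAPT_TABLE_ENTRIES 32
#define NAPT_NO_ADDR 0u                     /* 0.0.0.0 */

typedef struct { uint32_t src_ip; uint16_t src_port; } napt_entry_t;
static napt_entry_t *napt_table = NULL;     /* starts NULL, like ip_napt_table */
static int free_calls_on_null = 0;          /* counts the NULL free the issue reports */

/* Constructed interface addresses that NAT may be enabled on (assumption). */
static const uint32_t netif_addrs[] = { 0xC0A80401u /* 192.168.4.1 */, 0x0A000001u /* 10.0.0.1 */ };

/* Mirrors the guard in ip_napt_init: allocate only when not already allocated. */
static int napt_init(void) {
    if (napt_table == NULL)
        napt_table = calloc(NAPT_TABLE_ENTRIES, sizeof(*napt_table));
    return napt_table != NULL;
}

/* Stand-in for a pool free that does not tolerate NULL; records the misuse instead of crashing. */
static void pool_free(void *p) {
    if (p == NULL) { free_calls_on_null++; return; }
    free(p);
}

/* Original shape of ip_napt_deinit: frees unconditionally, so a never-initialised table is a NULL free. */
static void napt_deinit_unguarded(void) { pool_free(napt_table); napt_table = NULL; }

/* Proposed fix 1: check the pointer before freeing, as ip_napt_init already does before allocating. */
static void napt_deinit_guarded(void) {
    if (napt_table != NULL) { pool_free(napt_table); napt_table = NULL; }
}

static int netif_matches(uint32_t addr) {
    for (size_t i = 0; i < sizeof(netif_addrs) / sizeof(netif_addrs[0]); i++)
        if (netif_addrs[i] == addr) return 1;
    return 0;
}

/* Proposed fix 2: return 1 on success, 0 when the address matched no interface, so the
 * caller knows whether a later disable call is needed at all. */
static int napt_enable_checked(uint32_t addr, int enable) {
    if (!enable) { napt_deinit_guarded(); return 1; }
    if (addr == NAPT_NO_ADDR || !netif_matches(addr)) {
        napt_deinit_guarded();                /* safe even if the table was never created */
        return 0;
    }
    return napt_init();
}
```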