ipcpd: Fix readdir() not initializing ptrbe

Some IPCP (sub)components returned successfully with 0 entries but did
not initialize the buf ptr when the RIB has no entries, causing a SEGV
on free() in the RIB.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

5 files changed, 14 insertions, 9 deletions

diff --git a/src/ipcpd/ipcp.c b/src/ipcpd/ipcp.c
index ab38f5d0..7fe3e7eb 100644
--- a/src/ipcpd/ipcp.c
+++ b/src/ipcpd/ipcp.c
@@ -251,8 +251,7 @@ static int ipcp_rib_readdir(char *** buf)
 {
         int  i = 0;
 
-        while (info[i] != NULL)
-                i++;
+        while (info[i++] != NULL);
 
         *buf = malloc(sizeof(**buf) * i);
         if (*buf == NULL)
@@ -271,9 +270,8 @@ static int ipcp_rib_readdir(char *** buf)
  fail_dup:
         while (i-- > 0)
                 free((*buf)[i]);
- fail_entries:
         free(*buf);
-
+ fail_entries:
         return -ENOMEM;
 }
 
diff --git a/src/ipcpd/unicast/dir/dht.c b/src/ipcpd/unicast/dir/dht.c
index a56c8af2..f7de7bb7 100644
--- a/src/ipcpd/unicast/dir/dht.c
+++ b/src/ipcpd/unicast/dir/dht.c
@@ -535,7 +535,7 @@ static uint8_t * generate_id(void)
                 log_err("DHT ID length is too short (%zu < %zu).",
                         dht.id.len, sizeof(uint64_t));
                 return NULL;
-        };
+        }
 
         id = malloc(dht.id.len);
         if (id == NULL) {
diff --git a/src/ipcpd/unicast/dt.c b/src/ipcpd/unicast/dt.c
index 38cee75d..5dac70e9 100644
--- a/src/ipcpd/unicast/dt.c
+++ b/src/ipcpd/unicast/dt.c
@@ -287,8 +287,10 @@ static int dt_rib_readdir(char *** buf)
 
         pthread_rwlock_rdlock(&dt.lock);
 
-        if (dt.n_flows < 1)
+        if (dt.n_flows < 1) {
+                *buf = NULL;
                 goto no_flows;
+        }
 
         *buf = malloc(sizeof(**buf) * dt.n_flows);
         if (*buf == NULL)
diff --git a/src/ipcpd/unicast/fa.c b/src/ipcpd/unicast/fa.c
index 61abff52..23676c23 100644
--- a/src/ipcpd/unicast/fa.c
+++ b/src/ipcpd/unicast/fa.c
@@ -217,8 +217,10 @@ static int fa_rib_readdir(char *** buf)
 
         pthread_rwlock_rdlock(&fa.flows_lock);
 
-        if (fa.n_flows < 1)
+        if (fa.n_flows < 1) {
+                *buf = NULL;
                 goto no_flows;
+        }
 
         *buf = malloc(sizeof(**buf) * fa.n_flows);
         if (*buf == NULL)
diff --git a/src/ipcpd/unicast/routing/link-state.c b/src/ipcpd/unicast/routing/link-state.c
index 31b5a112..8021fc7d 100644
--- a/src/ipcpd/unicast/routing/link-state.c
+++ b/src/ipcpd/unicast/routing/link-state.c
@@ -262,12 +262,15 @@ static int lsdb_rib_readdir(char *** buf)
         char               entry[RIB_PATH_LEN + 1];
         ssize_t            idx = 0;
 
-        assert(buf);
+        assert(buf != NULL);
 
         pthread_rwlock_rdlock(&ls.db_lock);
 
-        if (ls.db_len + ls.nbs_len == 0)
+        if (ls.db_len + ls.nbs_len == 0) {
+                *buf = NULL;
                 goto no_entries;
+        }
+
 
         *buf = malloc(sizeof(**buf) * (ls.db_len + ls.nbs_len));
         if (*buf == NULL)