From 1c9f509cdaf0233ae4848c05c8bcd0de98bde89a Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri@ouroboros.rocks>
Date: Mon, 11 Aug 2025 06:26:54 +0200
Subject: ipcpd: Fix readdir() not initializing ptr

Some IPCP (sub)components returned successfully with 0 entries but did
not initialize the buf ptr when the RIB has no entries, causing a SEGV
on free() in the RIB.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
---
 src/ipcpd/ipcp.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src/ipcpd/ipcp.c')

diff --git a/src/ipcpd/ipcp.c b/src/ipcpd/ipcp.c
index ab38f5d0..7fe3e7eb 100644
--- a/src/ipcpd/ipcp.c
+++ b/src/ipcpd/ipcp.c
@@ -251,8 +251,7 @@ static int ipcp_rib_readdir(char *** buf)
 {
         int  i = 0;
 
-        while (info[i] != NULL)
-                i++;
+        while (info[i++] != NULL);
 
         *buf = malloc(sizeof(**buf) * i);
         if (*buf == NULL)
@@ -271,9 +270,8 @@ static int ipcp_rib_readdir(char *** buf)
  fail_dup:
         while (i-- > 0)
                 free((*buf)[i]);
- fail_entries:
         free(*buf);
-
+ fail_entries:
         return -ENOMEM;
 }
 
-- 
cgit v1.2.3