From a31f1706e5ed4a58f65cd6f77ff3ee86c693d8dd Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 4 Oct 2017 17:42:52 +0200
Subject: [PATCH] shared: guarantee output argument of
 nm_utils_parse_inaddr_bin() is only set on success

The documentation of inet_pton() is not clear about what happens
when parsing fails. Guarantee that the output is only modified
on success.
---
 shared/nm-utils/nm-shared-utils.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/shared/nm-utils/nm-shared-utils.c b/shared/nm-utils/nm-shared-utils.c
index c637194dcd..5d3b524ff9 100644
--- a/shared/nm-utils/nm-shared-utils.c
+++ b/shared/nm-utils/nm-shared-utils.c
@@ -342,8 +342,23 @@ nm_utils_parse_inaddr_bin (int addr_family,
 	else
 		g_return_val_if_fail (NM_IN_SET (addr_family, AF_INET, AF_INET6), FALSE);
 
-	if (inet_pton (addr_family, text, out_addr ?: &addrbin) != 1)
+	/* use a temporary variable @addrbin, to guarantee that @out_addr
+	 * is only modified on success. */
+	if (inet_pton (addr_family, text, &addrbin) != 1)
 		return FALSE;
+
+	if (out_addr) {
+		switch (addr_family) {
+		case AF_INET:
+			*((in_addr_t *) out_addr) = addrbin.addr4;
+			break;
+		case AF_INET6:
+			*((struct in6_addr *) out_addr) = addrbin.addr6;
+			break;
+		default:
+			nm_assert_not_reached ();
+		}
+	}
 	return TRUE;
 }
 
@@ -355,6 +370,8 @@ nm_utils_parse_inaddr (int addr_family,
 	NMIPAddr addrbin;
 	char addrstr_buf[MAX (INET_ADDRSTRLEN, INET6_ADDRSTRLEN)];
 
+	nm_assert (!out_addr || !*out_addr);
+
 	if (!nm_utils_parse_inaddr_bin (addr_family, text, &addrbin))
 		return FALSE;
 	NM_SET_OUT (out_addr, g_strdup (inet_ntop (addr_family, &addrbin, addrstr_buf, sizeof (addrstr_buf))));