From 6ae2a525cf57079adf244510d18bf7647007ce47 Mon Sep 17 00:00:00 2001
From: Carmine Scarpitta <cscarpit@cisco.com>
Date: Fri, 15 Sep 2023 12:36:30 +0200
Subject: [PATCH] isisd: Fix CID 1568134 (Null pointer dereference)

Null check `isis` pointer before dereferencing it.

Fixes this coverity issue:

*** CID 1568134:  Null pointer dereferences  (NULL_RETURNS)
/isisd/isis_zebra.c: 1146 in isis_zebra_process_srv6_locator_chunk()
1140                    "prefix %pFX, block_len %u, node_len %u, func_len %u, arg_len %u",
1141                    chunk->locator_name, &chunk->prefix, chunk->block_bits_length,
1142                    chunk->node_bits_length, chunk->function_bits_length,
1143                    chunk->argument_bits_length);
1144
1145            /* Walk through all areas of the ISIS instance */
>>>     CID 1568134:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing "isis", which is known to be "NULL".
1146            for (ALL_LIST_ELEMENTS_RO(isis->area_list, node, area)) {
1147                    if (strncmp(area->srv6db.config.srv6_locator_name,
1148                                chunk->locator_name,
1149                                sizeof(area->srv6db.config.srv6_locator_name)) != 0)
1150                            continue;
1151

Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
---
 isisd/isis_zebra.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/isisd/isis_zebra.c b/isisd/isis_zebra.c
index 378d78efe4..788618ef8b 100644
--- a/isisd/isis_zebra.c
+++ b/isisd/isis_zebra.c
@@ -1136,6 +1136,9 @@ static int isis_zebra_process_srv6_locator_chunk(ZAPI_CALLBACK_ARGS)
 	enum srv6_endpoint_behavior_codepoint behavior;
 	bool allocated = false;
 
+	if (!isis)
+		return -1;
+
 	/* Decode the received zebra message */
 	s = zclient->ibuf;
 	if (zapi_srv6_locator_chunk_decode(s, chunk) < 0)
-- 
2.39.5