From a11e012e8661629d665e992e765741a5eaa7d017 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <rgacogne-github@coredump.fr>
Date: Sun, 8 Sep 2013 13:48:34 +0000
Subject: [PATCH] security: Fix some typos and potential NULL-deref

This patch against the git tree fixes minor typos, some of them possibily
leading to NULL-pointer dereference in rare conditions.

Signed-off-by: Remi Gacogne <rgacogne-github@coredump.fr>
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Acked-by: Feng Lu <lu.feng@6wind.com>
---
 lib/vty.c           | 2 ++
 ospf6d/ospf6_snmp.c | 2 +-
 ospfd/ospf_asbr.c   | 3 ++-
 ospfd/ospf_te.c     | 3 ++-
 zebra/irdp_packet.c | 2 +-
 5 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/vty.c b/lib/vty.c
index 0d6345c83a..96cb1e4b5b 100644
--- a/lib/vty.c
+++ b/lib/vty.c
@@ -1856,9 +1856,11 @@ vty_serv_sock_family (const char* addr, unsigned short port, int family)
     {
       case AF_INET:
         naddr=&su.sin.sin_addr;
+        break;
 #ifdef HAVE_IPV6
       case AF_INET6:
         naddr=&su.sin6.sin6_addr;
+        break;
 #endif	
     }
 
diff --git a/ospf6d/ospf6_snmp.c b/ospf6d/ospf6_snmp.c
index f8a3b9204f..466039277c 100644
--- a/ospf6d/ospf6_snmp.c
+++ b/ospf6d/ospf6_snmp.c
@@ -528,7 +528,7 @@ ospfv3AreaEntry (struct variable *v, oid *name, size_t *length,
     return NULL;
 
   len = *length - v->namelen;
-  len = (len >= 1 ? sizeof 1 : 0);
+  len = (len >= 1 ? 1 : 0);
   if (exact && len != 1)
     return NULL;
   if (len)
diff --git a/ospfd/ospf_asbr.c b/ospfd/ospf_asbr.c
index a23b4f2be1..7e7c84fd4f 100644
--- a/ospfd/ospf_asbr.c
+++ b/ospfd/ospf_asbr.c
@@ -164,7 +164,8 @@ ospf_external_info_add (u_char type, struct prefix_ipv4 p,
   new->nexthop = nexthop;
   new->tag = 0;
 
-  rn->info = new;
+  if (rn)
+    rn->info = new;
 
   if (IS_DEBUG_OSPF (lsa, LSA_GENERATE))
     zlog_debug ("Redistribute[%s]: %s/%d external info created.",
diff --git a/ospfd/ospf_te.c b/ospfd/ospf_te.c
index 587564a195..c605ce68d3 100644
--- a/ospfd/ospf_te.c
+++ b/ospfd/ospf_te.c
@@ -1036,7 +1036,8 @@ ospf_mpls_te_lsa_refresh (struct ospf_lsa *lsa)
   /* If the lsa's age reached to MaxAge, start flushing procedure. */
   if (IS_LSA_MAXAGE (lsa))
     {
-      lp->flags &= ~LPFLG_LSA_ENGAGED;
+      if (lp)
+        lp->flags &= ~LPFLG_LSA_ENGAGED;
       ospf_opaque_lsa_flush_schedule (lsa);
       goto out;
     }
diff --git a/zebra/irdp_packet.c b/zebra/irdp_packet.c
index 28dc171ede..50525043d3 100644
--- a/zebra/irdp_packet.c
+++ b/zebra/irdp_packet.c
@@ -287,7 +287,7 @@ send_packet(struct interface *ifp,
   if (!(ifp->flags & IFF_UP))
     return;
 
-  if (!p) 
+  if (p)
     src = ntohl(p->u.prefix4.s_addr);
   else 
     src = 0; /* Is filled in */
-- 
2.39.5