From df97a9d13318f15c59bb055b90529e9e8378a619 Mon Sep 17 00:00:00 2001
From: Carmine Scarpitta <cscarpit@cisco.com>
Date: Fri, 21 Jun 2024 17:47:46 +0200
Subject: [PATCH] zebra: Fix NULL pointer dereference

The `locator` pointer is dereferenced before ensuring it is not NULL.
Fix the issue by checking that the pointer is not NULL before
dereferencing it.

Fixes 1594013

** CID 1594013:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_srv6.c: 961 in zebra_srv6_sid_compose()

________________________________________________________________________________________________________
*** CID 1594013:  Null pointer dereferences  (REVERSE_INULL)
/zebra/zebra_srv6.c: 961 in zebra_srv6_sid_compose()
955     				   struct srv6_locator *locator,
956     				   uint32_t sid_func)
957     {
958     	uint8_t offset, func_len;
959     	struct srv6_sid_format *format = locator->sid_format;
960
     CID 1594013:  Null pointer dereferences  (REVERSE_INULL)
     Null-checking "locator" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
961     	if (!sid_value || !locator)
962     		return false;
963
964     	if (format) {
965     		offset = format->block_len + format->node_len;
966     		func_len = format->function_len;

Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
---
 zebra/zebra_srv6.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/zebra/zebra_srv6.c b/zebra/zebra_srv6.c
index be335a5ded..e82b781c6f 100644
--- a/zebra/zebra_srv6.c
+++ b/zebra/zebra_srv6.c
@@ -956,11 +956,12 @@ static bool zebra_srv6_sid_compose(struct in6_addr *sid_value,
 				   uint32_t sid_func)
 {
 	uint8_t offset, func_len;
-	struct srv6_sid_format *format = locator->sid_format;
+	struct srv6_sid_format *format;
 
 	if (!sid_value || !locator)
 		return false;
 
+	format = locator->sid_format;
 	if (format) {
 		offset = format->block_len + format->node_len;
 		func_len = format->function_len;
-- 
2.39.5