From 552885bde60021ed6f1db46a95f9fb2557cbe1b6 Mon Sep 17 00:00:00 2001
From: Lutz Donnerhacke <donner@FreeBSD.org>
Date: Sun, 9 May 2021 14:56:40 +0200
Subject: ^sbin/ipfw: Fix null pointer deference when printing counters

ipfw -[tT] prints statistics of the last access. If the rule was never
used, the counter might be not exist.  This happens unconditionally on
inserting a new rule.  Avoid printing statistics in this case.

PR:		255491
Reported by:	Haisheng Zhouz
Reviewed by:	ae
Differential Revision:	https://reviews.freebsd.org/D30046

(cherry picked from commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d)
---
 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)

(limited to 'sbin/ipfw/ipfw2.c')

diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index 700b64f9c2bb..f451f8bedcaf 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -2157,32 +2157,35 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo,
 	}
 	bprintf(bp, "%05u ", rule->rulenum);
 
-	/* Print counters if enabled */
-	if (fo->pcwidth > 0 || fo->bcwidth > 0) {
-		pr_u64(bp, &cntr->pcnt, fo->pcwidth);
-		pr_u64(bp, &cntr->bcnt, fo->bcwidth);
-	}
-
-	/* Print timestamp */
-	if (co->do_time == TIMESTAMP_NUMERIC)
-		bprintf(bp, "%10u ", cntr->timestamp);
-	else if (co->do_time == TIMESTAMP_STRING) {
-		char timestr[30];
-		time_t t = (time_t)0;
-
-		if (twidth == 0) {
-			strcpy(timestr, ctime(&t));
-			*strchr(timestr, '\n') = '\0';
-			twidth = strlen(timestr);
+	/* only if counters are available */
+	if (cntr != NULL) {
+		/* Print counters if enabled */
+		if (fo->pcwidth > 0 || fo->bcwidth > 0) {
+			pr_u64(bp, &cntr->pcnt, fo->pcwidth);
+			pr_u64(bp, &cntr->bcnt, fo->bcwidth);
 		}
-		if (cntr->timestamp > 0) {
-			t = _long_to_time(cntr->timestamp);
 
-			strcpy(timestr, ctime(&t));
-			*strchr(timestr, '\n') = '\0';
-			bprintf(bp, "%s ", timestr);
-		} else {
-			bprintf(bp, "%*s", twidth, " ");
+		/* Print timestamp */
+		if (co->do_time == TIMESTAMP_NUMERIC)
+			bprintf(bp, "%10u ", cntr->timestamp);
+		else if (co->do_time == TIMESTAMP_STRING) {
+			char timestr[30];
+			time_t t = (time_t)0;
+
+			if (twidth == 0) {
+				strcpy(timestr, ctime(&t));
+				*strchr(timestr, '\n') = '\0';
+				twidth = strlen(timestr);
+			}
+			if (cntr->timestamp > 0) {
+				t = _long_to_time(cntr->timestamp);
+
+				strcpy(timestr, ctime(&t));
+				*strchr(timestr, '\n') = '\0';
+				bprintf(bp, "%s ", timestr);
+			} else {
+				bprintf(bp, "%*s", twidth, " ");
+			}
 		}
 	}
 
-- 
cgit v1.2.3