Add an if (!s) return -WOLFIP_EINVAL; guard to wolfIP_sock_socket so a NULL

gasbytes · gasbytes · commit 1037af7a53df · 2026-04-30T12:20:11.000+02:00
stack pointer no longer segfaults inside
tcp_new_socket/udp_new_socket/icmp_new_socket/raw_new_socket/packet_new_socket,
with test_regression_sock_socket_null_wolfip_returns_einval pinning the contract.
diff --git a/src/test/unit/unit.c b/src/test/unit/unit.c
@@ -146,6 +146,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_utils, test_filter_socket_event_proto_variants);
     tcase_add_test(tc_utils, test_filter_setters_and_get_mask);
     tcase_add_test(tc_utils, test_sock_socket_errors);
+    tcase_add_test(tc_utils, test_regression_sock_socket_null_wolfip_returns_einval);
     tcase_add_test(tc_utils, test_sock_socket_udp_protocol_zero);
     tcase_add_test(tc_utils, test_sock_socket_full_tables);
     tcase_add_test(tc_utils, test_filter_mask_for_proto_variants);
diff --git a/src/test/unit/unit_tests_api.c b/src/test/unit/unit_tests_api.c
@@ -465,6 +465,23 @@ START_TEST(test_sock_socket_errors)
     ck_assert_int_eq(wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_DGRAM, WI_IPPROTO_TCP), -1);
 }
 END_TEST
+
+START_TEST(test_regression_sock_socket_null_wolfip_returns_einval)
+{
+    ck_assert_int_eq(wolfIP_sock_socket(NULL, AF_INET, IPSTACK_SOCK_STREAM, WI_IPPROTO_TCP),
+            -WOLFIP_EINVAL);
+    ck_assert_int_eq(wolfIP_sock_socket(NULL, AF_INET, IPSTACK_SOCK_DGRAM, WI_IPPROTO_UDP),
+            -WOLFIP_EINVAL);
+    ck_assert_int_eq(wolfIP_sock_socket(NULL, AF_INET, IPSTACK_SOCK_DGRAM, 0),
+            -WOLFIP_EINVAL);
+    ck_assert_int_eq(wolfIP_sock_socket(NULL, AF_INET, IPSTACK_SOCK_DGRAM, WI_IPPROTO_ICMP),
+            -WOLFIP_EINVAL);
+    ck_assert_int_eq(wolfIP_sock_socket(NULL, AF_INET, IPSTACK_SOCK_RAW, WI_IPPROTO_UDP),
+            -WOLFIP_EINVAL);
+    ck_assert_int_eq(wolfIP_sock_socket(NULL, AF_PACKET, IPSTACK_SOCK_RAW, ee16(ETH_TYPE_IP)),
+            -WOLFIP_EINVAL);
+}
+END_TEST
 START_TEST(test_udp_sendto_and_recvfrom)
 {
     struct wolfIP s;
diff --git a/src/wolfip.c b/src/wolfip.c
@@ -5291,6 +5291,8 @@ int wolfIP_sock_socket(struct wolfIP *s, int domain, int type, int protocol)
 #if WOLFIP_RAWSOCKETS || WOLFIP_PACKET_SOCKETS
     int base_type = type;
 #endif
+    if (!s)
+        return -WOLFIP_EINVAL;
     if (domain != AF_INET)
         goto packet_try;
     if (type == IPSTACK_SOCK_STREAM) {
