From 979aec293e2341f1299edd68f9e3403f4e9711c0 Mon Sep 17 00:00:00 2001
From: Mark Pizzolato <mark@infocomm.com>
Date: Mon, 13 Mar 2017 12:58:40 -0700
Subject: [PATCH] SLIRP: Fix potential NULL pointer dereference and excess left
 shift (COVERITY)

---
 slirp_glue/sim_slirp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/slirp_glue/sim_slirp.c b/slirp_glue/sim_slirp.c
index 339d260f..f7605479 100644
--- a/slirp_glue/sim_slirp.c
+++ b/slirp_glue/sim_slirp.c
@@ -84,7 +84,8 @@ if (((ipaddrstr = strchr(gbuf, ':')) == NULL) || (*(ipaddrstr+1) == 0)) {
     }
 *ipaddrstr++ = 0;
 
-if (((portstr = strchr (ipaddrstr, ':')) == NULL) || (*(portstr+1) == 0)) {
+if ((ipaddrstr) && 
+    (((portstr = strchr (ipaddrstr, ':')) == NULL) || (*(portstr+1) == 0))) {
     sim_printf ("redir %s syntax error\n", tcpudp[is_udp]);
     return -1;
     }
@@ -314,7 +315,7 @@ if (err) {
     return NULL;
     }
 
-slirp->vnetmask.s_addr = htonl(~((1 << (32-slirp->maskbits)) - 1));
+slirp->vnetmask.s_addr = slirp->maskbits ? htonl(~((1 << (32-slirp->maskbits)) - 1)) : 0xFFFFFFFF;
 slirp->vnetwork.s_addr = slirp->vgateway.s_addr & slirp->vnetmask.s_addr;
 if ((slirp->vgateway.s_addr & ~slirp->vnetmask.s_addr) == 0)
     slirp->vgateway.s_addr = htonl(ntohl(slirp->vnetwork.s_addr) | 2);