| author | Justinas Grauslis | 2019-07-08 08:01:09 +0000 |
|---|---|---|
| committer | Hans Dedecker | 2019-07-13 07:22:52 +0000 |
| commit | 31f0765afd61f55b1dd2cdb62ec1968efca19690 (patch) | |
| tree | 22a41538ec3ab59bc54896ebf19078c1f62bba42 | |
| parent | ade00ca585a49c8478bf60eb24ce385676be37a4 (diff) | |
| download | procd-31f0765afd61f55b1dd2cdb62ec1968efca19690.tar.gz | |
procd: check strchr() result before using it
Subtracting some address from NULL does not necessarily
result in a negative value. It's lower level dependent.
In our case (IPQ4019 + Yocto + meta-openwrt) subtracting
token address from NULL strchr() return value results in
large positive number which causes out-of-boundary memory
access and eventually a segfault.
Signed-off-by: Justinas Grauslis <justinas@8devices.com>
| -rw-r--r-- | utils/utils.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/utils/utils.c b/utils/utils.c index c5b9513..8d76129 100644 --- a/utils/utils.c +++ b/utils/utils.c @@ -150,8 +150,11 @@ char* get_cmdline_val(const char* name, char* out, int len) for (c = strtok_r(line, " \t\n", &sptr); c; c = strtok_r(NULL, " \t\n", &sptr)) { char *sep = strchr(c, '='); + if (sep == NULL) + continue; + ssize_t klen = sep - c; - if (klen < 0 || strncmp(name, c, klen) || name[klen] != 0) + if (strncmp(name, c, klen) || name[klen] != 0) continue; strncpy(out, &sep[1], len); |
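Review bot: in the get_cmdline_val() loop, `ssize_t klen = sep - c;` no longer needs a signed type. Once `sep == NULL` is rejected, strchr() guarantees that sep points at or after c, so klen can never be negative, and strncmp() takes a size_t length anyway. Declaring it as `size_t klen = sep - c;` would avoid the implicit signed-to-unsigned conversion and make it obvious why the `klen < 0` test could be dropped. The commit message could also state that the old `sep - c` with a NULL sep is undefined behaviour in C, not just platform-dependent arithmetic, which is why the removed `klen < 0` test was never a reliable guard.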