From 31f0765afd61f55b1dd2cdb62ec1968efca19690 Mon Sep 17 00:00:00 2001 From: Justinas Grauslis Date: Mon, 8 Jul 2019 11:01:09 +0300 Subject: [PATCH] procd: check strchr() result before using it Subtracting some address from NULL does not necessary results in negative value. It's lower level dependent. In our case (IPQ4019 + Yocto + meta-openwrt) subtracting token address from NULL strchr() return value results in large positive number which causes out-of-boundary memory access and eventually a segfault. Signed-off-by: Justinas Grauslis --- utils/utils.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/utils/utils.c b/utils/utils.c index c5b9513..8d76129 100644 --- a/utils/utils.c +++ b/utils/utils.c @@ -150,8 +150,11 @@ char* get_cmdline_val(const char* name, char* out, int len) for (c = strtok_r(line, " \t\n", &sptr); c; c = strtok_r(NULL, " \t\n", &sptr)) { char *sep = strchr(c, '='); + if (sep == NULL) + continue; + ssize_t klen = sep - c; - if (klen < 0 || strncmp(name, c, klen) || name[klen] != 0) + if (strncmp(name, c, klen) || name[klen] != 0) continue; strncpy(out, &sep[1], len); -- 2.25.1