procd: check strchr() result before using it

Subtracting some address from NULL does not necessary
results in negative value. It's lower level dependent.

In our case (IPQ4019 + Yocto + meta-openwrt) subtracting
token address from NULL strchr() return value results in
large positive number which causes out-of-boundary memory
access and eventually a segfault.

Signed-off-by: Justinas Grauslis <justinas@8devices.com>

diff --git a/utils/utils.c b/utils/utils.c
index c5b951356a7e0251e11f227b2693f6ecce108f50..8d76129a02b334a25a89dcc4a40f7de2de733faf 100644 (file)
--- a/utils/utils.c
+++ b/utils/utils.c
@@ -150,8 +150,11 @@ char* get_cmdline_val(const char* name, char* out, int len)
        for (c = strtok_r(line, " \t\n", &sptr); c;
                        c = strtok_r(NULL, " \t\n", &sptr)) {
                char *sep = strchr(c, '=');
+               if (sep == NULL)
+                       continue;
+
                ssize_t klen = sep - c;
-               if (klen < 0 || strncmp(name, c, klen) || name[klen] != 0)
+               if (strncmp(name, c, klen) || name[klen] != 0)
                        continue;
 
                strncpy(out, &sep[1], len);