From patchwork Thu Jun 27 21:11:31 2013
X-Patchwork-Submitter: Gregor Jasny
X-Patchwork-Id: 2795821
From: Gregor Jasny
To: linux-media@vger.kernel.org
Cc: Gregor Jasny
Subject: [PATCH 2/2] keytable: Always check if strtok return value is null
Date: Thu, 27 Jun 2013 23:11:31 +0200
Message-Id: <1372367491-13187-3-git-send-email-gjasny@googlemail.com>
In-Reply-To: <1372367491-13187-1-git-send-email-gjasny@googlemail.com>
References: <1372367491-13187-1-git-send-email-gjasny@googlemail.com>

The Mayhem Team found a crash caused by a nullptr. Details are here:
http://www.forallsecure.com/bug-reports/567323cd26f180910beb03ae26afb40c432a0c6a/

Signed-off-by: Gregor Jasny
--- utils/keytable/keytable.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/utils/keytable/keytable.c b/utils/keytable/keytable.c index 06b3d95..8bcd5c4 100644 --- a/utils/keytable/keytable.c +++ b/utils/keytable/keytable.c @@ -207,13 +207,19 @@ static error_t parse_keyfile(char *fname, char **table) p++; p = strtok(p, "\n\t =:"); do { + if (!p) + goto err_einval; if (!strcmp(p, "table")) { p = strtok(NULL,"\n, "); + if (!p) + goto err_einval; *table = malloc(strlen(p) + 1); strcpy(*table, p); } else if (!strcmp(p, "type")) { p = strtok(NULL, " ,\n"); do { + if (!p) + goto err_einval; if (!strcasecmp(p,"rc5") || !strcasecmp(p,"rc-5")) ch_proto |= RC_5; else if (!strcasecmp(p,"rc6") || !strcasecmp(p,"rc-6")) 
@@ -447,6 +453,8 @@ static error_t parse_opt(int k, char *arg, struct argp_state *state) case 'p': p = strtok(arg, ",;"); do { + if (!p) + goto err_inval; if (!strcasecmp(p,"rc5") || !strcasecmp(p,"rc-5")) ch_proto |= RC_5; else if (!strcasecmp(p,"rc6") || !strcasecmp(p,"rc-6")) @@ -813,14 +821,19 @@ static int v1_get_sw_enabled_protocol(char *dirname) return 0; } - p = strtok(buf, " \n"); - rc = atoi(p); - if (fclose(fp)) { perror(name); return errno; } + p = strtok(buf, " \n"); + if (!p) { + fprintf(stderr, "%s has invalid content: '%s'\n", name, buf); + return 0; + } + + rc = atoi(p); + if (debug) fprintf(stderr, "protocol %s is %s\n", name, rc? "enabled" : "disabled");
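Review bot: In the parse_keyfile hunk (@@ -207), the "table" branch now guards the strtok result, but the context lines right after it, `*table = malloc(strlen(p) + 1); strcpy(*table, p);`, still write through an unchecked malloc return, which is the same class of NULL dereference this patch sets out to close. Since the branch is being touched anyway, test the allocation (or use strdup and test its result) and leave through the same err_einval exit. The err_einval label is outside the visible context, and all three new gotos jump out of nested loops, so please confirm that the label releases whatever parse_keyfile holds at that point.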
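Review bot: In the parse_opt hunk (@@ -447), the new check jumps to err_inval while the parse_keyfile checks jump to err_einval, and neither label appears in the visible context, so confirm that err_inval exists in parse_opt and that the near-identical names are intended. A short comment above `if (!p)` stating when strtok returns NULL on the first call (an argument that is empty or holds only `,` and `;`) would document why a `case 'p':` value can be rejected here, and the error path should tell the user that the protocol list was the invalid part.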
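Review bot: In the v1_get_sw_enabled_protocol hunk (@@ -813), the new `if (!p)` branch returns 0, the same value as the `return 0;` path visible just above the hunk, so a caller cannot tell malformed file content from that case, while the fclose failure beside it returns errno. Return a distinct error value here, or document that 0 also covers invalid content. The message is also less useful than it looks: strtok(buf, " \n") only returns NULL on the first call when buf has no characters other than spaces and newlines, so `'%s'` with buf prints just whitespace; saying that the file was empty would be clearer. Moving the strtok and atoi below the fclose check is fine and needs no change.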