From: Enji Cooper Date: Thu, 6 Jun 2024 04:25:59 +0000 (-0700) Subject: Be more defensive when parsing PRETTY_NAME out of os-release X-Git-Tag: 1.0.19~38 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2151a7d056a626132273aadfb7022547b076d010;p=thirdparty%2Flldpd.git Be more defensive when parsing PRETTY_NAME out of os-release Test the result of `strtok(..)` to ensure that the line being parsed has an `=` sign in it. This addresses a potential crash due to a NULL pointer dereference. Reported by: Coverity Signed-off-by: Enji Cooper --- diff --git a/src/daemon/lldpd.c b/src/daemon/lldpd.c index dc68f19f..6b5721e2 100644 --- a/src/daemon/lldpd.c +++ b/src/daemon/lldpd.c @@ -859,6 +859,8 @@ lldpd_get_os_release() while ((fgets(line, sizeof(line), fp) != NULL)) { key = strtok(line, "="); + if (key == NULL) continue; + val = strtok(NULL, "="); if (strncmp(key, "PRETTY_NAME", sizeof(line)) == 0) {