api: fix segfault in cgroup_set_permissions()

In cgroup_set_permissions(), we don't validate the cgroup and a NULL may
be passed to it in place of the cgroup, causing a segfault, when the
NULL pointer is dereferenced to set the permissions. This patch
introduces a check to validate the cgroup argument.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 9795cdf9c18878388b9aa5c428c29eca8d6ad0a7)

diff --git a/src/api.c b/src/api.c
index 704e62d81cddff64d729b3e2f7b268deacbc4ec0..f304d2f4f7b24ace4cf465d328f14ded62a06c35 100644 (file)
--- a/src/api.c
+++ b/src/api.c
@@ -377,6 +377,12 @@ int cg_chmod_recursive(struct cgroup *cgroup, mode_t dir_mode, int dirm_change,
 void cgroup_set_permissions(struct cgroup *cgroup, mode_t control_dperm, mode_t control_fperm,
                            mode_t task_fperm)
 {
+       if (!cgroup) {
+               /* ECGROUPNOTALLOWED */
+               cgroup_err("Cgroup, operation not allowed\n");
+               return;
+       }
+
        cgroup->control_dperm = control_dperm;
        cgroup->control_fperm = control_fperm;
        cgroup->task_fperm = task_fperm;