The arguments passed to cgroup_get_uid_gid() are pointers, and the
user might pass NULL in place of one or all of them, causing a
segfault. The segfault is triggered when a NULL argument value is
passed without a check; fix it by checking for NULL before proceeding.
Reproducer:
-----------
int main(void)
{
struct cgroup *cgrp;
uid_t tuid, cuid;
gid_t tgid, cgid;
int ret;
ret = cgroup_init();
if (ret) {
printf("Failed to initialize: %s\n", cgroup_strerror(ret));
exit (1);
}
cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp) {
printf("Failed to allocate cgroup fuzzer\n");
exit(1);
}
ret = cgroup_create_cgroup(cgrp, 1);
if (ret) {
printf("failed to create %s: %s\n", "fuzzer", cgroup_strerror(ret));
goto err;
}
cgroup_get_uid_gid(cgrp, NULL, NULL, NULL, NULL);
// should not reach here
return 0;
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit
3d439e58f2487dca33ebf568ac323714a5c1ecfc)
int cgroup_get_uid_gid(struct cgroup *cgroup, uid_t *tasks_uid, gid_t *tasks_gid,
uid_t *control_uid, gid_t *control_gid)
{
- if (!cgroup)
+ if (!cgroup || !tasks_uid || !tasks_gid || !control_uid || !control_gid)
return ECGINVAL;
*tasks_uid = cgroup->tasks_uid;
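Review bot: The widened guard on the `if` line makes all four output pointers mandatory, but nothing visible in the hunk tells callers so. A caller that wants only the tasks IDs and passes NULL for the control pair now gets ECGINVAL rather than a crash, which is safe but still surprising without documentation. I would state the contract in the comment above the function, or at its declaration, which is outside this hunk: `/* Returns ECGINVAL if cgroup or any of the four output pointers is NULL; nothing is written through the pointers in that case. */`. The function body continues past the hunk, so I am assuming the remaining stores follow the `*tasks_uid` assignment shown here.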