From: Dwight Engen <dwight.engen@oracle.com>
Date: Tue, 9 Jul 2013 22:07:26 +0000 (-0400)
Subject: fix potential out of bounds pointer deref
X-Git-Tag: lxc-1.0.0.alpha1~1^2~133
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3327917f4a991a49ba1562b774c63c45139772eb;p=thirdparty%2Flxc.git

fix potential out of bounds pointer deref

I noticed that if find_first_wholeword() is called with word at the very
beginning of p, we will deref *(p - 1) to see if it is a word boundary.
Fix by considering p = p0 to be a word boundary.

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 4e71fb152..aaa9f2aeb 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1534,13 +1534,16 @@ static int is_word_sep(char c)
 	}
 }
 
-static const char *find_first_wholeword(const char *p, const char *word)
+static const char *find_first_wholeword(const char *p0, const char *word)
 {
+	const char *p = p0;
+
 	if (!p)
 		return NULL;
 
 	while ((p = strstr(p, word)) != NULL) {
-		if (is_word_sep(*(p-1)) && is_word_sep(p[strlen(word)]))
+		if ((p == p0 || is_word_sep(*(p-1))) &&
+		    is_word_sep(p[strlen(word)]))
 			return p;
 		p++;
 	}