From: Kamalesh Babulal Date: Tue, 28 Feb 2023 09:15:05 +0000 (+0530) Subject: wrapper: fix segfault in cgroup_get_uid_gid() X-Git-Tag: v3.1.0~154 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d439e58f2487dca33ebf568ac323714a5c1ecfc;p=thirdparty%2Flibcgroup.git wrapper: fix segfault in cgroup_get_uid_gid() The arguments passed to cgroup_get_uid_gid() are of type pointers and the user might pass NULL in place of or all of the arguments, causing a segfault. segfault is triggered when the NULL, argument value is passed without check, fix it by checking for NULL before proceeding. Reproducer: ----------- int main(void) { struct cgroup *cgrp; uid_t tuid, cuid; gid_t tgid, cgid; int ret; ret = cgroup_init(); if (ret) { printf("Failed to initialize: %s\n", cgroup_strerror(ret)); exit (1); } cgrp = cgroup_new_cgroup("fuzzer"); if (!cgrp) { printf("Failed to allocate cgroup fuzzer\n"); exit(1); } ret = cgroup_create_cgroup(cgrp, 1); if (ret) { printf("failed to create %s: %s\n", "fuzzer", cgroup_strerror(ret)); goto err; } cgroup_get_uid_gid(cgrp, NULL, NULL, NULL, NULL); // should not reach here return 0; } Signed-off-by: Kamalesh Babulal Signed-off-by: Tom Hromatka
---
diff --git a/src/wrapper.c b/src/wrapper.c
index 89e97095..324b881e 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -404,7 +404,7 @@ int cgroup_set_uid_gid(struct cgroup *cgroup, uid_t tasks_uid, gid_t tasks_gid,
 int cgroup_get_uid_gid(struct cgroup *cgroup, uid_t *tasks_uid, gid_t *tasks_gid, uid_t *control_uid, gid_t *control_gid)
 {
- if (!cgroup)
+ if (!cgroup || !tasks_uid || !tasks_gid || !control_uid || !control_gid)
 return ECGINVAL;
 *tasks_uid = cgroup->tasks_uid;
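Review bot: The widened guard at the top of cgroup_get_uid_gid() makes all four out-pointers mandatory, but nothing in the hunk records that contract, so a caller who wants only the tasks ids and passes NULL for the control ones gets a bare ECGINVAL. I would put the rule next to the check, for example `/* all four out-pointers are required; a NULL one is rejected with ECGINVAL */`, and say the same in the function's public header comment if it does not already. The reproducer from the description is not turned into a test anywhere in this patch; a unit test asserting the ECGINVAL return would keep the crash from coming back. The function's body continues past the end of the hunk, so the stores after `*tasks_uid` are not visible here.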