From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Date: Mon, 20 Feb 2023 15:09:07 +0000 (+0000)
Subject: wrapper: fix segfault in cgroup_set_value_string()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b71f980dd831d98b55e77b18a37e12a849252a96;p=thirdparty%2Flibcgroup.git

wrapper: fix segfault in cgroup_set_value_string()

The second and third arguments passed to cgroup_set_value_string() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault.  segfault is trigger when the NULL,
argument values are used without checks, fix it by checking for NULL
before proceeding.

Reproducer:
-----------

int main(void)
{
        struct cgroup_controller *cgc;
        struct cgroup *cgrp;

        cgroup_init();
        if (ret)
		exit(1);

        cgrp = cgroup_new_cgroup("fuzzer");
        if (!cgrp)
                exit(1);

        cgc = cgroup_add_controller(cgrp, "cpu");
        if (!cgc)
		exit(1);

        ret = cgroup_create_cgroup(cgrp, 1);
        if (ret)
		exit(1);

        cgroup_set_value_string(cgc, NULL, NULL);

	// should not reach here.
	return 0;
}

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 3eabc319b1af5ab8024eb9145e196270c4cdec94)
---

diff --git a/src/wrapper.c b/src/wrapper.c
index 0e724116..dc6dd936 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -462,7 +462,7 @@ int cgroup_set_value_string(struct cgroup_controller *controller, const char *na
 {
 	int i;
 
-	if (!controller)
+	if (!controller || !name || !value)
 		return ECGINVAL;
 
 	for (i = 0; i < controller->index; i++) {