From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Date: Mon, 27 Feb 2023 04:20:34 +0000 (+0530)
Subject: wrapper: fix segfault in cgroup_add_value_string
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e328b8232762b92e2cd84c46583d3dd2b434b321;p=thirdparty%2Flibcgroup.git

wrapper: fix segfault in cgroup_add_value_string

The second and third arguments passed to cgroup_add_value_string() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault.  segfault is trigger when the NULL,
argument value is passed to second argument without check, fix it by
checking for NULL before proceeding.

Reproducer:
----------

int main(void)
{
        struct cgroup_controller *cgc;
        struct cgroup *cgrp;
        int ret;

        ret = cgroup_init();
        if (ret)
		exit (1);

        cgrp = cgroup_new_cgroup("fuzzer");
        if (!cgrp)
		exit (1);

        cgc = cgroup_add_controller(cgrp, "cpu");
        if (!cgc)
		exit (1);

        cgroup_add_value_string(cgc, NULL, NULL);

	// should not reach here
	return 0;
}

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 097a766dd055c41cc6639276d54b8817e512a252)
---

diff --git a/src/wrapper.c b/src/wrapper.c
index 2038ae78..89e97095 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -209,7 +209,7 @@ int cgroup_add_value_string(struct cgroup_controller *controller, const char *na
 	int i;
 	struct control_value *cntl_value;
 
-	if (!controller)
+	if (!controller || !name)
 		return ECGINVAL;
 
 	if (controller->index >= CG_NV_MAX)