From 34e98305dd2522a4cb5b5bfd59c9dbc53c5ef540 Mon Sep 17 00:00:00 2001
From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Date: Tue, 31 Jan 2023 11:30:21 -0700
Subject: [PATCH] api: fix segfault in cgroup_set_permissions()

In cgroup_set_permissions(), we don't validate the cgroup and a NULL may
be passed to it in place of the cgroup, causing a segfault, when the
NULL pointer is dereferenced to set the permissions. This patch
introduces a check to validate the cgroup argument.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 9795cdf9c18878388b9aa5c428c29eca8d6ad0a7)
---
 src/api.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/api.c b/src/api.c
index 704e62d8..f304d2f4 100644
--- a/src/api.c
+++ b/src/api.c
@@ -377,6 +377,12 @@ int cg_chmod_recursive(struct cgroup *cgroup, mode_t dir_mode, int dirm_change,
 void cgroup_set_permissions(struct cgroup *cgroup, mode_t control_dperm, mode_t control_fperm,
 			    mode_t task_fperm)
 {
+	if (!cgroup) {
+		/* ECGROUPNOTALLOWED */
+		cgroup_err("Cgroup, operation not allowed\n");
+		return;
+	}
+
 	cgroup->control_dperm = control_dperm;
 	cgroup->control_fperm = control_fperm;
 	cgroup->task_fperm = task_fperm;
-- 
2.47.2