From b2480b29508bd4068e985e1cb9fbb63a67d2531d Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Fri, 26 Mar 2021 20:21:53 +0100
Subject: [PATCH] string_utils: fix parse_byte_size_string()

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475
Signed-off-by: Christian Brauner
---
 src/lxc/string_utils.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/lxc/string_utils.c b/src/lxc/string_utils.c
index 1ecb4cd1a..793fd2ca1 100644
--- a/src/lxc/string_utils.c
+++ b/src/lxc/string_utils.c
@@ -906,7 +906,7 @@ int parse_byte_size_string(const char *s, int64_t *converted)
 char dup[INTTYPE_TO_STRLEN(int64_t)];
 char suffix[3] = {0};
- if (!s || strequal(s, ""))
+ if (is_empty_string(s))
 return ret_errno(EINVAL);
 end = stpncpy(dup, s, sizeof(dup) - 1);
@@ -920,17 +920,26 @@ int parse_byte_size_string(const char *s, int64_t *converted)
 else
 return ret_errno(EINVAL);
- if (suffix_len > 0 && (end - 2) == dup && !isdigit(*(end - 2)))
- return ret_errno(EINVAL);
+ if (suffix_len > 0) {
+ if ((end - 1) == dup)
+ return ret_errno(EINVAL);
- if (suffix_len > 0 && isalpha(*(end - 2)))
- suffix_len++;
+ if ((end - 2) == dup) {
+ if (isalpha(*(end - 2)))
+ return ret_errno(EINVAL);
+ /* 1B */
+ } else {
+ if (isalpha(*(end - 2))) /* 12MB */
+ suffix_len++;
+
+ /* 12B */
+ }
- if (suffix_len > 0) {
 memcpy(suffix, end - suffix_len, suffix_len);
 *(suffix + suffix_len) = '\0';
 *(end - suffix_len) = '\0';
 }
+
 dup[lxc_char_right_gc(dup, strlen(dup))] = '\0';
 ret = lxc_safe_long_long(dup, &conv);
-- 
2.47.2
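Review bot: Both `isalpha(*(end - 2))` calls in the new `suffix_len > 0` branch pass a plain `char` read from `dup`, which holds a copy of the caller-supplied string; where `char` is signed, a byte above 0x7f reaches `isalpha()` as a negative value, which the C standard leaves undefined for the `<ctype.h>` classifiers. Since the Link trailer shows this parser is exercised by a fuzzer with arbitrary bytes, casting at the call sites removes that dependence on the libc's table layout: `if (isalpha((unsigned char)*(end - 2)))`. The function begins before and continues after this hunk, so the checks on `*(end - 1)` that set `suffix_len` are not visible here; if they also use `isdigit`/`isalpha` on a plain `char`, they would presumably need the same cast.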