From d1f8d6bfb2c1cf781ad21b8f008082d07521426c Mon Sep 17 00:00:00 2001
From: Kamalesh Babulal
Date: Tue, 28 Feb 2023 14:45:05 +0530
Subject: [PATCH] wrapper: fix segfault in cgroup_get_uid_gid()
The arguments passed to cgroup_get_uid_gid() are of type pointers and the user might pass NULL in place of or all of the arguments, causing a segfault. segfault is triggered when the NULL, argument value is passed without check, fix it by checking for NULL before proceeding.
Reproducer:
-----------
int main(void) { struct cgroup *cgrp; uid_t tuid, cuid; gid_t tgid, cgid; int ret; ret = cgroup_init(); if (ret) { printf("Failed to initialize: %s\n", cgroup_strerror(ret)); exit (1); } cgrp = cgroup_new_cgroup("fuzzer"); if (!cgrp) { printf("Failed to allocate cgroup fuzzer\n"); exit(1); } ret = cgroup_create_cgroup(cgrp, 1); if (ret) { printf("failed to create %s: %s\n", "fuzzer", cgroup_strerror(ret)); goto err; } cgroup_get_uid_gid(cgrp, NULL, NULL, NULL, NULL); // should not reach here return 0; }
Signed-off-by: Kamalesh Babulal
Signed-off-by: Tom Hromatka
(cherry picked from commit 3d439e58f2487dca33ebf568ac323714a5c1ecfc)
---
 src/wrapper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/wrapper.c b/src/wrapper.c
index 89e97095..324b881e 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -404,7 +404,7 @@ int cgroup_set_uid_gid(struct cgroup *cgroup, uid_t tasks_uid, gid_t tasks_gid,
 int cgroup_get_uid_gid(struct cgroup *cgroup, uid_t *tasks_uid, gid_t *tasks_gid,
 uid_t *control_uid, gid_t *control_gid)
 {
- if (!cgroup)
+ if (!cgroup || !tasks_uid || !tasks_gid || !control_uid || !control_gid)
 return ECGINVAL;
 
 *tasks_uid = cgroup->tasks_uid;
-- 
2.47.2
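Review bot: The widened guard in cgroup_get_uid_gid() makes all four output pointers mandatory, but nothing in this patch records that contract. The diffstat touches only src/wrapper.c, so neither the function's API description nor the test suite changes here. I would add a comment above the check, for example `/* every output pointer is required; a NULL one yields ECGINVAL */`, and state the same in the public declaration's documentation so callers know a partial query is rejected rather than skipped. A regression test built from the reproducer in the commit message, passing NULL outputs and expecting ECGINVAL, would keep the check from being dropped in a later refactor. The function body continues past the hunk, so the remaining stores are only assumed to go through the pointers checked here. Other wrappers in this file that write through caller-supplied pointers may deserve the same audit.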