From ee9feddfe5192c3b6a078d7568d46a5d3c862512 Mon Sep 17 00:00:00 2001 From: Kamalesh Babulal Date: Sat, 4 Mar 2023 06:34:10 +0000 Subject: [PATCH] tools/cgxset: check for delimiter in name_value string While parsing -r option for name, and value pairs, we rely on strtok() to return NULL, when there is no delimiter and lhf/rhf can't be mapped into the name, and value tokens. This assumption is not true, strtok() returns the whole string when it doesn't find the delimiter. Operating under this assumption also segfaults later in the code. Fix it, by checking for the presence of a delimiter in the passed name_value_str in parse_r_flag(). This also initializes the pointer to NULL, to avoid reading them before assignment in the error path. Signed-off-by: Kamalesh Babulal Signed-off-by: Tom Hromatka (cherry picked from commit bc414f494686c3bc66f2747b61c80a4f6e9118f5) --- src/tools/cgxset.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/tools/cgxset.c b/src/tools/cgxset.c index 06495d5e..2ca4cea5 100644 --- a/src/tools/cgxset.c +++ b/src/tools/cgxset.c @@ -92,9 +92,16 @@ static void usage(int status, const char *program_name) STATIC int parse_r_flag(const char * const program_name, const char * const name_value_str, struct control_value * const name_value) { - char *copy, *buf; + char *copy = NULL, *buf = NULL; int ret = 0; + buf = strchr(name_value_str, '='); + if (buf == NULL) { + err("%s: wrong parameter of option -r: %s\n", program_name, optarg); + ret = EXIT_BADARGS; + goto err; + } + copy = strdup(name_value_str); if (copy == NULL) { err("%s: not enough memory\n", program_name); -- 2.47.2