api.c: prevent array out-of-bounds access in cgroup_parse_rules_file
In the function src/api.c/cgroup_parse_rules_file, the condition of loop:
for (i = 0; lst->tail->controllers[i]; i++)
cgroup_dbg(" %s", lst->tail->controllers[i]);
allows accessing lst->tail->controllers[MAX_MNT_ELEMENTS] if
lst->tail->controllers is full and lacks a terminating NULL.
Add explicit bounds checking (i < MAX_MNT_ELEMENTS) while maintaining
the NULL check. This ensures that there will never be reading past the
array boundaries regardless of its content.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Acked-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit
ce5749a5ba752d0e273e427fbd2bb68f9f846b64)
projects / thirdparty / libcgroup.git / commit
