src/api.c: prevent potential null ptr deref in cgroup_fill_cgc

In function cgroup_fill_cgc there is an allocation of memory by calling
strdup(ctrl_dir->d_name). Result of this allocation is not checked,
and in case of OOM it'll lead to null ptr deref.

This commit adds handling of possible null ptr as a result of failed
memory allocation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Acked-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>

diff --git a/src/api.c b/src/api.c
index 8dcaf80aa69fb4d43e0f1120977b5e6bbd7c6cca..6b0140d6c815db1e74469becc8f7e1e38795824b 100644 (file)
--- a/src/api.c
+++ b/src/api.c
@@ -3771,6 +3771,12 @@ int cgroup_fill_cgc(struct dirent *ctrl_dir, struct cgroup *cgrp, struct cgroup_
 
        d_name = strdup(ctrl_dir->d_name);
 
+       if (!d_name) {
+               error = ECGOTHER;
+               cgroup_err("strdup failed to allocate memory: %s\n", strerror(errno));
+               goto fill_error;
+       }
+
        if (!strcmp(d_name, ".") || !strcmp(d_name, "..")) {
                error = ECGINVAL;
                goto fill_error;
@@ -3840,7 +3846,8 @@ int cgroup_fill_cgc(struct dirent *ctrl_dir, struct cgroup *cgrp, struct cgroup_
 fill_error:
        if (ctrl_value)
                free(ctrl_value);
-       free(d_name);
+       if (d_name)
+               free(d_name);
 
        return error;
 }