[lxc-devel] [PATCH] fix potential out of bounds pointer deref
Dwight Engen
dwight.engen at oracle.com
Tue Jul 9 22:07:26 UTC 2013
I noticed that if find_first_wholeword() is called with word at the very
beginning of p, we will deref *(p - 1) to see if it is a word boundary.
Fix by considering p = p0 to be a word boundary.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
---
src/lxc/lxccontainer.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 4dbb587..245d5eb 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1534,13 +1534,16 @@ static int is_word_sep(char c)
}
}
-static const char *find_first_wholeword(const char *p, const char *word)
+static const char *find_first_wholeword(const char *p0, const char *word)
{
+ const char *p = p0;
+
if (!p)
return NULL;
while ((p = strstr(p, word)) != NULL) {
- if (is_word_sep(*(p-1)) && is_word_sep(p[strlen(word)]))
+ if ((p == p0 || is_word_sep(*(p-1))) &&
+ is_word_sep(p[strlen(word)]))
return p;
p++;
}
--
1.8.1.4
More information about the lxc-devel
mailing list