[lxc-devel] [PATCH] fix potential out of bounds pointer deref

Serge Hallyn serge.hallyn at ubuntu.com
Wed Jul 10 16:07:43 UTC 2013


Quoting Dwight Engen (dwight.engen at oracle.com):
> I noticed that if find_first_wholeword() is called with word at the very
> beginning of p, we will deref *(p - 1) to see if it is a word boundary.
> Fix by considering p = p0 to be a word boundary.
> 
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

thanks,
-serge

> ---
>  src/lxc/lxccontainer.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 4dbb587..245d5eb 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -1534,13 +1534,16 @@ static int is_word_sep(char c)
>  	}
>  }
>  
> -static const char *find_first_wholeword(const char *p, const char *word)
> +static const char *find_first_wholeword(const char *p0, const char *word)
>  {
> +	const char *p = p0;
> +
>  	if (!p)
>  		return NULL;
>  
>  	while ((p = strstr(p, word)) != NULL) {
> -		if (is_word_sep(*(p-1)) && is_word_sep(p[strlen(word)]))
> +		if ((p == p0 || is_word_sep(*(p-1))) &&
> +		    is_word_sep(p[strlen(word)]))
>  			return p;
>  		p++;
>  	}
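
Review bot: the trailing test `is_word_sep(p[strlen(word)])` has the mirror-image edge case at the end of the buffer, and this hunk handles only the start. For a match that ends exactly at the terminator, that test reads the '\0' byte. This is in bounds, but it only counts as a word boundary if is_word_sep() accepts '\0', and its body is not visible here. Please confirm that, or add an explicit end-of-string test alongside `p == p0`. Separately, `word` is not NULL-checked the way `p` is, and an empty `word` makes strstr() return `p` on every pass, so the loop then depends entirely on the separator test to stop before `p++` walks past the terminator. A guard for a NULL or empty `word` at the top would close both. Minor: strlen(word) is loop-invariant and could be computed once before the `while`.
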
> -- 
> 1.8.1.4
> 
> 