[dm-devel] [PATCH v2 10/10] libmultipath: validate_config_strvec(): avoid out-of-bounds access
mwilck at suse.com
mwilck at suse.com
Wed Aug 26 09:59:07 UTC 2020
From: Martin Wilck <mwilck at suse.com>
Always check the length of strvec before accessing elements.
Signed-off-by: Martin Wilck <mwilck at suse.com>
---
libmultipath/parser.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/libmultipath/parser.c b/libmultipath/parser.c
index e6753c4..ed6d5d6 100644
--- a/libmultipath/parser.c
+++ b/libmultipath/parser.c
@@ -436,14 +436,16 @@ is_sublevel_keyword(char *str)
int
validate_config_strvec(vector strvec, char *file)
{
- char *str;
+ char *str = NULL;
int i;
- str = VECTOR_SLOT(strvec, 0);
+ if (strvec && VECTOR_SIZE(strvec) > 0)
+ str = VECTOR_SLOT(strvec, 0);
+
if (str == NULL) {
condlog(0, "can't parse option on line %d of %s",
line_nr, file);
- return -1;
+ return -1;
}
if (*str == '}') {
if (VECTOR_SIZE(strvec) > 1)
@@ -456,7 +458,7 @@ validate_config_strvec(vector strvec, char *file)
return -1;
}
if (is_sublevel_keyword(str)) {
- str = VECTOR_SLOT(strvec, 1);
+ str = VECTOR_SIZE(strvec) > 1 ? VECTOR_SLOT(strvec, 1) : NULL;
if (str == NULL)
condlog(0, "missing '{' on line %d of %s",
line_nr, file);
@@ -467,7 +469,7 @@ validate_config_strvec(vector strvec, char *file)
condlog(0, "ignoring extra data starting with '%s' on line %d of %s", (char *)VECTOR_SLOT(strvec, 2), line_nr, file);
return 0;
}
- str = VECTOR_SLOT(strvec, 1);
+ str = VECTOR_SIZE(strvec) > 1 ? VECTOR_SLOT(strvec, 1) : NULL;
if (str == NULL) {
condlog(0, "missing value for option '%s' on line %d of %s",
(char *)VECTOR_SLOT(strvec, 0), line_nr, file);
--
2.28.0
More information about the dm-devel
mailing list