[U-Boot,1/1] env: avoid possible NULL pointer access

Message ID	20170508182354.24180-1-xypron.glpk@gmx.de
State	Accepted
Commit	902f5bcfbcbc8dce964a69e4c9fcf658dfb62998
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Heinrich Schuchardt <xypron.glpk@gmx.de> To: Tom Rini <trini@konsulko.com> Date: Mon, 8 May 2017 20:23:54 +0200 Message-Id: <20170508182354.24180-1-xypron.glpk@gmx.de> Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de> Subject: [U-Boot] [PATCH 1/1] env: avoid possible NULL pointer access Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Message ID

20170508182354.24180-1-xypron.glpk@gmx.de

State

Accepted

Commit

902f5bcfbcbc8dce964a69e4c9fcf658dfb62998

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3wM9rS1HjTz9s7f
	for <incoming@patchwork.ozlabs.org>;
	Tue,  9 May 2017 04:24:23 +1000 (AEST)
Received: by lists.denx.de (Postfix, from userid 105)
	id B8987C21C61; Mon,  8 May 2017 18:24:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H2 autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 5B70CC21C2A;
	Mon,  8 May 2017 18:24:15 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 639DCC21C2A; Mon,  8 May 2017 18:24:13 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
	by lists.denx.de (Postfix) with ESMTPS id 0EDFBC21C27
	for <u-boot@lists.denx.de>; Mon,  8 May 2017 18:24:13 +0000 (UTC)
Received: from LT002.fritz.box ([95.222.184.236]) by mail.gmx.com (mrgmx103
	[212.227.17.168]) with ESMTPSA (Nemesis) id
	0Lm2lZ-1dh80r03lJ-00ZkL5; Mon, 08 May 2017 20:24:12 +0200
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Tom Rini <trini@konsulko.com>
Date: Mon,  8 May 2017 20:23:54 +0200
Message-Id: <20170508182354.24180-1-xypron.glpk@gmx.de>
X-Mailer: git-send-email 2.11.0
X-Provags-ID: V03:K0:HLcsCvyozmvNOOWD7urC0+mRDKaSvPoO2lplGNw6D1NbxNIy8UU
	KK57kG9r1HDW5skam0NCE/d3j8rE+JOZedU2pjTH3d+wONONpMJyoRIaO7sqY/qIYVfaW00
	a3iyM9QUhyXBaFpHlbFQnXIqFZGuFNMsKcQh+Lh6rUNcikNNHZs31ioZOKLl3hwnQWFjzWa
	yr5Kr7/HHJUmI2G61N9MA==
X-UI-Out-Filterresults: notjunk:1; V01:K0:XONEtT8XuSY=:uCO0hnPJ0XNCnd9IrtKi9Q
	q3Or6GAIi1L+DOTUOcUk5qaTVe0mg2M1DCVYKugBA9XUAxp1806O68aHGcEvG0ZegMy/73fgm
	hiilUYQVLXIxlcVVcQHJRZilx+WlWEa9QBdH//Ddnd+oydXMYfvFD3nkwy4KQHxT8oeouLdef
	jCyOk/BAkMAgKVi2A1zDnndehXZkq1f4STL4xw0dt+oRp8SfLGx2L9ZoBqkNdOvxgjCsauRT3
	5iJe+qD+6MVrmScwj4PTDBn7kwlLhhfeeCDfyKyLZM81XjmFqqcmGX5fe27Z9uPtYCRLkSGwZ
	3kxWIEtWBssKiKJkqjkSeV7JRx7Ymd1QvwMF9coCPo0/vCz6Pp+wcU3tXrNvlzTbWWGl7z0tf
	YVv4mN5TJpmiK574gHyG70Zb6fV7YENyVGzz5Pw8C1ER/G2PftmjGYBAE2qSrljv73b6GpW07
	wa3OyL82qvb5UzGugWQJ4MCtumyiTmcwLSTW2L7/fGDcmnNLGjxNFKQ5osenJOaRnQj36k+yp
	DLWVyEd0N1L0of6ceDRnbQOfWjFvtzoVKYLIvdx6tm+BJ+/3DDOD5kL7/Gyl7EP2IRemVtSxV
	pRbtohwVGYtniOScs2iip0ZLkiF4CEWdSgDkZb/4if/Yy3E5d7YIKmdOPp4J99OcKgl/BEvPr
	R5ZFRSJCOgFuzDM2nL6Fn7xddkYZ8C5kV758j+lCvm7yrz1c+xIyXU1as03W+slLHqazAZjLj
	MFlL6Gg1ogf//1u5ZbumbB1eClFbhp4pUWTVM9YY3H7loMRFm4fRAGy3DYU=
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>
Subject: [U-Boot] [PATCH 1/1] env: avoid possible NULL pointer access
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Commit Message

Heinrich Schuchardt May 8, 2017, 6:23 p.m. UTC

env_attr_lookup call env_attr_walk with
callback = regex_callback.

In env_attr_walk
attributes = strchr(entry_cpy, ENV_ATTR_SEP)
will return NULL if ENV_ATTR_SEP is not found.

In the aftermath regex_callback may call
strlen(attributes)
with a NULL value which will lead to a failure.

The problem was indicated by scan-clam.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 common/env_attr.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Tom Rini May 12, 2017, 5:21 p.m. UTC | #1

On Mon, May 08, 2017 at 08:23:54PM +0200, xypron.glpk@gmx.de wrote:

> env_attr_lookup call env_attr_walk with
> callback = regex_callback.
> 
> In env_attr_walk
> attributes = strchr(entry_cpy, ENV_ATTR_SEP)
> will return NULL if ENV_ATTR_SEP is not found.
> 
> In the aftermath regex_callback may call
> strlen(attributes)
> with a NULL value which will lead to a failure.
> 
> The problem was indicated by scan-clam.
> 
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Applied to u-boot/master, thanks!

diff --git a/common/env_attr.c b/common/env_attr.c
index 5bfe5e3a89..68843f2e0f 100644
--- a/common/env_attr.c
+++ b/common/env_attr.c
@@ -132,6 +132,10 @@  static int regex_callback(const char *name, const char *attributes, void *priv)
 		if (slre_match(&slre, cbp->searched_for,
 			       strlen(cbp->searched_for), caps)) {
 			free(cbp->regex);
+			if (!attributes) {
+				retval = -EINVAL;
+				goto done;
+			}
 			cbp->regex = malloc(strlen(regex) + 1);
 			if (cbp->regex) {
 				strcpy(cbp->regex, regex);

[U-Boot,1/1] env: avoid possible NULL pointer access

Commit Message

Comments

Patch