From patchwork Mon Aug 26 11:00:18 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Niv Shetrit <niv.shetrit@altair-semi.com>
X-Patchwork-Id: 1153101
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=altair-semi.com
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 46H8Dd4Sp1z9sBF
	for <incoming@patchwork.ozlabs.org>;
	Mon, 26 Aug 2019 21:00:33 +1000 (AEST)
Received: by lists.denx.de (Postfix, from userid 105)
	id 1DF9BC21FCA; Mon, 26 Aug 2019 11:00:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 40709C21F7D;
	Mon, 26 Aug 2019 11:00:22 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 36472C21F7D; Mon, 26 Aug 2019 11:00:21 +0000 (UTC)
Received: from dispatch1-eu1.ppe-hosted.com (dispatch1-eu1.ppe-hosted.com
	[91.209.104.157])
	by lists.denx.de (Postfix) with ESMTPS id CC7E8C21C2C
	for <u-boot@lists.denx.de>; Mon, 26 Aug 2019 11:00:20 +0000 (UTC)
X-Virus-Scanned: Proofpoint Essentials engine
Received: from ubuntu.localdomain (altgw.altair-semi.com [82.166.199.42])
	by mx1-eu1.ppe-hosted.com (PPE Hosted ESMTP Server) with ESMTP id
	DFD0F40060; Mon, 26 Aug 2019 11:00:19 +0000 (UTC)
From: Niv <niv.shetrit@altair-semi.com>
To: u-boot@lists.denx.de
Date: Mon, 26 Aug 2019 04:00:18 -0700
Message-Id: <20190826110018.15767-1-niv.shetrit@altair-semi.com>
X-Mailer: git-send-email 2.17.1
X-MDID: 1566817220-B2-yBmqjtFmp
Cc: Niv <niv.shetrit@altair-semi.com>
Subject: [U-Boot] [PATCH] Removed possible null dereference by wrapping
	'strchr' with 'if'.
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Signed-off-by: Niv Shetrit <niv.shetrit@altair-semi.com>
---
 common/cli_hush.c | 80 +++++++++++++++++++++++++++--------------------
 1 file changed, 46 insertions(+), 34 deletions(-)

diff --git a/common/cli_hush.c b/common/cli_hush.c
index 8f86e4aa4a..a9588bbef2 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3539,41 +3539,53 @@ static char *insert_var_value_sub(char *inp, int tag_subst)
 		}
 		inp = ++p;
 		/* find the ending marker */
-		p = strchr(inp, SPECIAL_VAR_SYMBOL);
-		*p = '\0';
-		/* look up the value to substitute */
-		if ((p1 = lookup_param(inp))) {
-			if (tag_subst)
-				len = res_str_len + strlen(p1) + 2;
-			else
-				len = res_str_len + strlen(p1);
-			res_str = xrealloc(res_str, (1 + len));
-			if (tag_subst) {
-				/*
-				 * copy the variable value to the result
-				 * string
-				 */
-				strcpy((res_str + res_str_len + 1), p1);
-
-				/*
-				 * mark the replaced text to be accepted as
-				 * is
-				 */
-				res_str[res_str_len] = SUBSTED_VAR_SYMBOL;
-				res_str[res_str_len + 1 + strlen(p1)] =
-					SUBSTED_VAR_SYMBOL;
-			} else
-				/*
-				 * copy the variable value to the result
-				 * string
-				 */
-				strcpy((res_str + res_str_len), p1);
-
-			res_str_len = len;
-		}
-		*p = SPECIAL_VAR_SYMBOL;
+		while ((p = strchr(inp, SPECIAL_VAR_SYMBOL))) {
+		/* check the beginning of the string for normal characters */
+		if (p != inp) {
+			/* copy any characters to the result string */
+			len = p - inp;
+			res_str = xrealloc(res_str, (res_str_len + len));
+			strncpy((res_str + res_str_len), inp, len);
+			res_str_len += len;
+		}
 		inp = ++p;
-		done = 1;
+		/* find the ending marker */
+		if ((p = strchr(inp, SPECIAL_VAR_SYMBOL))) {
+			*p = '\0';
+			/* look up the value to substitute */
+			if ((p1 = lookup_param(inp))) {
+				if (tag_subst)
+					len = res_str_len + strlen(p1) + 2;
+				else
+					len = res_str_len + strlen(p1);
+				res_str = xrealloc(res_str, (1 + len));
+				if (tag_subst) {
+					/*
+					 * copy the variable value to the result
+					 * string
+					 */
+					strcpy((res_str + res_str_len + 1), p1);
+
+					/*
+					 * mark the replaced text to be accepted as
+					 * is
+					 */
+					res_str[res_str_len] = SUBSTED_VAR_SYMBOL;
+					res_str[res_str_len + 1 + strlen(p1)] =
+						SUBSTED_VAR_SYMBOL;
+				} else
+					/*
+					 * copy the variable value to the result
+					 * string
+					 */
+					strcpy((res_str + res_str_len), p1);
+
+				res_str_len = len;
+			}
+			*p = SPECIAL_VAR_SYMBOL;
+			inp = ++p;
+			done = 1;
+		}
 	}
 	if (done) {
 		res_str = xrealloc(res_str, (1 + res_str_len + strlen(inp)));