From 2875de4a355ce934335139ca586d2de441d6a56a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 26 Mar 2021 16:38:49 +0100
Subject: [PATCH] confile_utils: fix real-time signal parsing

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32521
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/confile_utils.c | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c
index e7516dc391..fc4f75433a 100644
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -1024,17 +1024,31 @@ static int sig_num(const char *sig)
 
 static int rt_sig_num(const char *signame)
 {
-	int rtmax = 0, sig_n = 0;
+	bool rtmax;
+	int sig_n = 0;
 
-	if (strncasecmp(signame, "max-", 4) == 0)
-		rtmax = 1;
+	if (is_empty_string(signame))
+		return ret_errno(EINVAL);
+
+	if (strncasecmp(signame, "max-", STRLITERALLEN("max-")) == 0) {
+		rtmax = true;
+		signame += STRLITERALLEN("max-");
+	} else if (strncasecmp(signame, "min+", STRLITERALLEN("min+")) == 0) {
+		rtmax = false;
+		signame += STRLITERALLEN("min+");
+	} else {
+		return ret_errno(EINVAL);
+	}
 
-	signame += 4;
-	if (!isdigit(*signame))
+	if (is_empty_string(signame) || !isdigit(*signame))
 		return ret_errno(EINVAL);
 
 	sig_n = sig_num(signame);
-	sig_n = rtmax ? SIGRTMAX - sig_n : SIGRTMIN + sig_n;
+	if (rtmax)
+		sig_n = SIGRTMAX - sig_n;
+	else
+		sig_n = SIGRTMIN + sig_n;
+
 	if (sig_n > SIGRTMAX || sig_n < SIGRTMIN)
 		return ret_errno(EINVAL);
 
@@ -1043,16 +1057,15 @@ static int rt_sig_num(const char *signame)
 
 int sig_parse(const char *signame)
 {
-	size_t n;
-
-	if (isdigit(*signame)) {
+	if (isdigit(*signame))
 		return sig_num(signame);
-	} else if (strncasecmp(signame, "sig", 3) == 0) {
-		signame += 3;
-		if (strncasecmp(signame, "rt", 2) == 0)
-			return rt_sig_num(signame + 2);
 
-		for (n = 0; n < sizeof(signames) / sizeof((signames)[0]); n++)
+	if (strncasecmp(signame, "sig", STRLITERALLEN("sig")) == 0) {
+		signame += STRLITERALLEN("sig");
+		if (strncasecmp(signame, "rt", STRLITERALLEN("rt")) == 0)
+			return rt_sig_num(signame + STRLITERALLEN("rt"));
+
+		for (size_t n = 0; n < ARRAY_SIZE(signames); n++)
 			if (strcasecmp(signames[n].name, signame) == 0)
 				return signames[n].num;
 	}