setproctitle(): Handle potential NULL return from strrchr()

Signed-off-by: Solar Designer <solar@openwall.com>
lxc · Apr 11, 2023 · ebea2b5 · ebea2b5
1 parent e2d10d6
commit ebea2b5
Showing 1 changed file with 9 additions and 13 deletions.
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
@@ -245,35 +245,31 @@ int setproctitle(char *title)
 	/*
 	 * executable names may contain spaces, so we search backwards for the
 	 * ), which is the kernel's marker for "end of executable name". this
-	 * skips the first two fields.
+	 * puts the pointer at the end of the second field.
 	 */
-	buf_ptr = strrchr(buf, ')')+2;
+	buf_ptr = strrchr(buf, ')');
+	if (!buf_ptr)
+		return -1;
 
-	/* Skip the next 23 fields, column 26-28 are start_code, end_code,
-	 * and start_stack */
-	buf_ptr = strchr(buf_ptr, ' ');
-	for (i = 0; i < 22; i++) {
+	/* Skip the space and the next 23 fields, column 26-28 are start_code,
+         * end_code, and start_stack */
+	for (i = 0; i < 24; i++) {
+		buf_ptr = strchr(buf_ptr + 1, ' ');
 		if (!buf_ptr)
 			return -1;
-		buf_ptr = strchr(buf_ptr + 1, ' ');
 	}
-	if (!buf_ptr)
-		return -1;
 
 	i = sscanf(buf_ptr, "%" PRIu64 " %" PRIu64 " %" PRIu64, &start_code, &end_code, &start_stack);
 	if (i != 3)
 		return -1;
 
 	/* Skip the next 19 fields, column 45-51 are start_data to arg_end */
 	for (i = 0; i < 19; i++) {
+		buf_ptr = strchr(buf_ptr + 1, ' ');
 		if (!buf_ptr)
 			return -1;
-		buf_ptr = strchr(buf_ptr + 1, ' ');
 	}
 
-	if (!buf_ptr)
-		return -1;
-
 	i = sscanf(buf_ptr, "%" PRIu64 " %" PRIu64 " %" PRIu64 " %*u %*u %" PRIu64 " %" PRIu64, &start_data,
 		   &end_data, &start_brk, &env_start, &env_end);
 	if (i != 5)