[CRIU] [PATCH] lib: criu -- Test for nil on malloc/strdup calls
Cyrill Gorcunov
gorcunov at openvz.org
Thu Mar 27 05:43:39 PDT 2014
Otherwise nil dereference is possible.
Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
---
lib/criu.c | 23 ++++++++++++++++++++---
lib/criu.h | 2 +-
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/lib/criu.c b/lib/criu.c
index e4238b837dc1..1c98f2f4f943 100644
--- a/lib/criu.c
+++ b/lib/criu.c
@@ -115,13 +115,30 @@ void criu_set_cpu_cap(unsigned int cap)
opts->cpu_cap = cap;
}
-void criu_set_exec_cmd(int argc, char *argv[])
+int criu_set_exec_cmd(int argc, char *argv[])
{
int i;
+
opts->n_exec_cmd = argc;
opts->exec_cmd = malloc((argc) * sizeof(char *));
- for (i = 0; i < argc; i++)
- opts->exec_cmd[i] = strdup(argv[i]);
+
+ if (opts->exec_cmd) {
+ for (i = 0; i < argc; i++) {
+ opts->exec_cmd[i] = strdup(argv[i]);
+ if (!opts->exec_cmd[i]) {
+ while (i > 0)
+ free(opts->exec_cmd[i--]);
+ free(opts->exec_cmd);
+ opts->n_exec_cmd = 0;
+ opts->exec_cmd = NULL;
+ goto out;
+ }
+ }
+ return 0;
+ }
+
+out:
+ return -ENOMEM;
}
static CriuResp *recv_resp(int socket_fd)
diff --git a/lib/criu.h b/lib/criu.h
index ad12f3cc8077..f8790298700c 100644
--- a/lib/criu.h
+++ b/lib/criu.h
@@ -41,7 +41,7 @@ void criu_set_file_locks(bool file_locks);
void criu_set_log_level(int log_level);
void criu_set_log_file(char *log_file);
void criu_set_cpu_cap(unsigned int cap);
-void criu_set_exec_cmd(int argc, char *argv[]);
+int criu_set_exec_cmd(int argc, char *argv[]);
/* Here is a table of return values and errno's of functions
* from the list down below.
--
1.8.3.1
More information about the CRIU
mailing list