blob: c92b58609c86802c22d17ebe17749905995ad7b3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From ea8c7b3efce4c1762411e073893e948de5d552d6 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Tue, 17 Jul 2012 16:04:12 +0100
Subject: [PATCH] storage: check that the string isn't empty before splitting
If the string was non-NULL but empty (str="\0"), the following \0 assignment
would write to str[-1] and thus cause memory corruption.
On PPC and MIPS, this was causing crashes in glibc.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Upstream-Status: Submitted
---
src/storage.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/storage.c b/src/storage.c
index 47bd0cb..20766a3 100644
--- a/src/storage.c
+++ b/src/storage.c
@@ -212,7 +212,11 @@ gchar **connman_storage_get_services()
closedir(dir);
str = g_string_free(result, FALSE);
- if (str) {
+ if (str && str[0] != '\0') {
+ /*
+ * Remove the trailing separator so that services doesn't end up
+ * with an empty element.
+ */
str[strlen(str) - 1] = '\0';
services = g_strsplit(str, "/", -1);
}
--
1.7.10.4
|
