skill: Check return value of str*chr() in check_proc().

author Qualys Security Advisory <qsa@qualys.com>

Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)

committer Craig Small <csmall@enc.com.au>

Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
diff --git a/skill.c b/skill.c

index 27a1dd772d8b8897f4de33f7abe7b3ebad985979..edc42053a57cec1f2b673c9a31e74b018b0cb407 100644 (file)
--- a/skill.c
+++ b/skill.c
@@ -204,6 +204,8 @@ static void check_proc(int pid, struct run_time_conf_t *run_time)
                 goto closure;
         buf[len] = '\0';
         tmp = strrchr(buf, ')');
+       if (!tmp)
+               goto closure;
         *tmp++ = '\0';
         i = 5;
         while (i--)
@@ -218,7 +220,10 @@ static void check_proc(int pid, struct run_time_conf_t *run_time)
                 if (i == -1)
                         goto closure;
         }
-       tmp = strchr(buf, '(') + 1;
+       tmp = strchr(buf, '(');
+       if (!tmp)
+               goto closure;
+       tmp++;
         if (cmds) {
                 i = cmd_count;
                 /* fast comparison trick -- useful? */
author	Qualys Security Advisory <qsa@qualys.com>
	Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer	Craig Small <csmall@enc.com.au>
	Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)