From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000) Subject: skill: Check return value of str*chr() in check_proc(). X-Git-Tag: v3.3.15~112 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a9ee0bf6222ba2f9ddb3b10c843231270721b86b;p=procps-ng skill: Check return value of str*chr() in check_proc().
---
diff --git a/skill.c b/skill.c
index 27a1dd77..edc42053 100644
--- a/skill.c
+++ b/skill.c
@@ -204,6 +204,8 @@ static void check_proc(int pid, struct run_time_conf_t *run_time)
 goto closure;
 buf[len] = '\0';
 tmp = strrchr(buf, ')');
+ if (!tmp)
+ goto closure;
 *tmp++ = '\0';
 i = 5;
 while (i--)
@@ -218,7 +220,10 @@ static void check_proc(int pid, struct run_time_conf_t *run_time)
 if (i == -1)
 goto closure;
 }
- tmp = strchr(buf, '(') + 1;
+ tmp = strchr(buf, '(');
+ if (!tmp)
+ goto closure;
+ tmp++;
 if (cmds) {
 i = cmd_count;
 /* fast comparison trick -- useful? */
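Review bot: The field skip that begins at `i = 5; while (i--)` in the first hunk (@@ -204,6 +204,8 @@) may still read past the end of `buf` despite the new `if (!tmp)` guard. Its inner scan lies outside the hunk, so this is inferred rather than seen. After `*tmp++ = '\0';` a stat line that ends right at the `)` leaves `tmp` on the terminator written by `buf[len] = '\0';`, and a scan that only looks for a space would walk beyond it. The inner condition should also stop at `'\0'` and then `goto closure`. The new guard could also carry a comment such as `/* no ')': malformed or truncated stat line, skip this pid */`.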
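Review bot: Nothing at the new `strchr(buf, '(')` lookup in the second hunk (@@ -218,7 +220,10 @@) says why the first `(` is paired with the last `)` that `strrchr()` found in the earlier hunk. The command name between them is presumably chosen by the process itself and may contain parentheses or spaces, so this pairing is what keeps the name from shifting the fields parsed after it. I would record that above the lookup with `/* comm may contain '(' or ')': use the first '(' and the last ')' */`. check_proc() starts and ends outside the hunk.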