From 902f5bcfbcbc8dce964a69e4c9fcf658dfb62998 Mon Sep 17 00:00:00 2001 From: "xypron.glpk@gmx.de" Date: Mon, 8 May 2017 20:23:54 +0200 Subject: [PATCH] env: avoid possible NULL pointer access env_attr_lookup call env_attr_walk with callback = regex_callback. In env_attr_walk attributes = strchr(entry_cpy, ENV_ATTR_SEP) will return NULL if ENV_ATTR_SEP is not found. In the aftermath regex_callback may call strlen(attributes) with a NULL value which will lead to a failure. The problem was indicated by scan-clam. Signed-off-by: Heinrich Schuchardt --- common/env_attr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/common/env_attr.c b/common/env_attr.c index 386219087b..f965b4bbb6 100644 --- a/common/env_attr.c +++ b/common/env_attr.c @@ -132,6 +132,10 @@ static int regex_callback(const char *name, const char *attributes, void *priv) if (slre_match(&slre, cbp->searched_for, strlen(cbp->searched_for), caps)) { free(cbp->regex); + if (!attributes) { + retval = -EINVAL; + goto done; + } cbp->regex = malloc(strlen(regex) + 1); if (cbp->regex) { strcpy(cbp->regex, regex);