Andrew Geissler | 220dafd | 2023-10-04 10:18:08 -0500 | [diff] [blame^] | 1 | CVE: CVE-2023-33461 |
| 2 | Upstream-Status: Backport [https://github.com/ndevilla/iniparser/pull/146/commits/ace9871f65d11b5d73f0b9ee8cf5d2807439442d] |
| 3 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> |
| 4 | |
| 5 | |
| 6 | From ace9871f65d11b5d73f0b9ee8cf5d2807439442d Mon Sep 17 00:00:00 2001 |
| 7 | From: Antonio <antoniolrt@gmail.com> |
| 8 | Date: Fri, 2 Jun 2023 15:03:10 -0300 |
| 9 | Subject: [PATCH] Handle null return from iniparser_getstring |
| 10 | |
| 11 | Fix handling of NULL returns from iniparser_getstring in |
| 12 | iniparser_getboolean, iniparser_getlongint and iniparser_getdouble, |
| 13 | avoiding a crash. |
| 14 | --- |
| 15 | src/iniparser.c | 6 +++--- |
| 16 | 1 file changed, 3 insertions(+), 3 deletions(-) |
| 17 | |
| 18 | diff --git a/src/iniparser.c b/src/iniparser.c |
| 19 | index f1d1658..dbceb20 100644 |
| 20 | --- a/src/iniparser.c |
| 21 | +++ b/src/iniparser.c |
| 22 | @@ -456,7 +456,7 @@ long int iniparser_getlongint(const dictionary * d, const char * key, long int n |
| 23 | const char * str ; |
| 24 | |
| 25 | str = iniparser_getstring(d, key, INI_INVALID_KEY); |
| 26 | - if (str==INI_INVALID_KEY) return notfound ; |
| 27 | + if (str==NULL || str==INI_INVALID_KEY) return notfound ; |
| 28 | return strtol(str, NULL, 0); |
| 29 | } |
| 30 | |
| 31 | @@ -511,7 +511,7 @@ double iniparser_getdouble(const dictionary * d, const char * key, double notfou |
| 32 | const char * str ; |
| 33 | |
| 34 | str = iniparser_getstring(d, key, INI_INVALID_KEY); |
| 35 | - if (str==INI_INVALID_KEY) return notfound ; |
| 36 | + if (str==NULL || str==INI_INVALID_KEY) return notfound ; |
| 37 | return atof(str); |
| 38 | } |
| 39 | |
| 40 | @@ -553,7 +553,7 @@ int iniparser_getboolean(const dictionary * d, const char * key, int notfound) |
| 41 | const char * c ; |
| 42 | |
| 43 | c = iniparser_getstring(d, key, INI_INVALID_KEY); |
| 44 | - if (c==INI_INVALID_KEY) return notfound ; |
| 45 | + if (c==NULL || c==INI_INVALID_KEY) return notfound ; |
| 46 | if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { |
| 47 | ret = 1 ; |
| 48 | } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { |