diff options
author | Ross Burton <ross.burton@intel.com> | 2012-07-18 10:37:38 +0100 |
---|---|---|
committer | Daniel Wagner <daniel.wagner@bmw-carit.de> | 2012-07-18 11:52:16 +0200 |
commit | c28f8256ca105da2d3b1f47a3a348fa47e7d89c6 (patch) | |
tree | 448eae14222a70326f41ef9cd96b64bca5175c70 /src/storage.c | |
parent | 13f39a7a5b21c7088d584e015f44cad88def279b (diff) | |
download | connman-c28f8256ca105da2d3b1f47a3a348fa47e7d89c6.tar.gz connman-c28f8256ca105da2d3b1f47a3a348fa47e7d89c6.tar.bz2 connman-c28f8256ca105da2d3b1f47a3a348fa47e7d89c6.zip |
storage: check that the string isn't empty before splitting
If the string was non-NULL but empty (str="\0"), the following \0 assignment
would write to str[-1] and thus cause memory corruption.
On PPC and MIPS, this was causing crashes in glibc.
Diffstat (limited to 'src/storage.c')
-rw-r--r-- | src/storage.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/storage.c b/src/storage.c index 47bd0cbc..20766a34 100644 --- a/src/storage.c +++ b/src/storage.c @@ -212,7 +212,11 @@ gchar **connman_storage_get_services() closedir(dir); str = g_string_free(result, FALSE); - if (str) { + if (str && str[0] != '\0') { + /* + * Remove the trailing separator so that services doesn't end up + * with an empty element. + */ str[strlen(str) - 1] = '\0'; services = g_strsplit(str, "/", -1); } |