search: Fix a NULL ptr deref with zero terms
Here `clang-analyzer` found a legitimate bug, through a quite
deep call stack.  Before this change, providing zero search terms like
this results in a segfault:

```
$ rpmostree_busctl_call_os Search as 0
```

In exactly the way predicted by the static analysis.

Verify we have at least one term at entry into the function,
and also add further assertions later.
cgwalters committed Aug 29, 2023
1 parent 0198762 commit f268221
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions src/daemon/rpmostreed-os.cxx
Expand Up @@ -1193,11 +1193,16 @@ search_packages_by_filter (HyQuery query, GVariantBuilder *builder, const gchar
hy_autoquery HyQuery intermediate_query = hy_query_clone (query);
hy_autoquery HyQuery final_query = hy_query_clone (query);

// Must have at least one term
const char *first_term = names[0];
g_assert (first_term);

int names_count = 0;
for (guint i = 0; names[i] != NULL; i++)
{
names_count++;
}
g_assert_cmpint (names_count, >, 0);

/* Name/Summary matches */
if (keynames.size () < 2)
Expand Down Expand Up @@ -1273,11 +1278,11 @@ search_packages_by_filter (HyQuery query, GVariantBuilder *builder, const gchar
for (guint i = 0; i < keynames.size (); i++)
{
hy_query_clear (query);
apply_search_filter (&query, keynames[i], names[0], HY_EQ);
apply_search_filter (&query, keynames[i], first_term, HY_EQ);
intermediate_query = hy_query_clone (query);

hy_query_clear (query);
apply_search_filter (&query, keynames[i], names[0], HY_SUBSTR);
apply_search_filter (&query, keynames[i], first_term, HY_SUBSTR);
hy_query_union (intermediate_query, query);

if (i != 0)
Expand All @@ -1303,6 +1308,13 @@ os_handle_search (RPMOSTreeOS *interface, GDBusMethodInvocation *invocation,
sd_journal_print (LOG_INFO, "Handling Search for caller %s",
g_dbus_method_invocation_get_sender (invocation));

if (!names || !*names)
{
g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
"Must specify a term for search");
return TRUE;
}

g_autoptr (DnfContext) dnfctx
= os_create_dnf_context_simple (interface, TRUE, cancellable, &local_error);
if (dnfctx == NULL)
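Review bot: In search_packages_by_filter the new `const char *first_term = names[0];` reads through `names` before anything checks the array pointer itself, and the invariant is enforced only by `g_assert`, which aborts the daemon and is compiled out when `G_DISABLE_ASSERT` is defined. The `!names || !*names` check added to os_handle_search is what actually keeps a D-Bus caller from reaching that path, so I would state the contract at the helper, e.g. `/* Precondition: names is non-NULL and holds at least one term; D-Bus handlers must reject empty input before calling. */`, and place `g_assert (names && names[0]);` ahead of the `first_term` assignment. Whether the helper has other callers is not visible here, and both function bodies continue outside the hunks shown. Separately, `G_DBUS_ERROR_INVALID_ARGS` would describe the rejected request more precisely to clients than `G_DBUS_ERROR_FAILED`.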