env: avoid possible NULL pointer access

env_attr_lookup call env_attr_walk with
callback = regex_callback.

In env_attr_walk
attributes = strchr(entry_cpy, ENV_ATTR_SEP)
will return NULL if ENV_ATTR_SEP is not found.

In the aftermath regex_callback may call
strlen(attributes)
with a NULL value which will lead to a failure.

The problem was indicated by scan-clam.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/common/env_attr.c b/common/env_attr.c
index 386219087b8cff46d0e321bdda456d8ee5ef0924..f965b4bbb6a917fb5f27642bc88b66f73ac2da96 100644 (file)
--- a/common/env_attr.c
+++ b/common/env_attr.c
@@ -132,6 +132,10 @@ static int regex_callback(const char *name, const char *attributes, void *priv)
                if (slre_match(&slre, cbp->searched_for,
                               strlen(cbp->searched_for), caps)) {
                        free(cbp->regex);
+                       if (!attributes) {
+                               retval = -EINVAL;
+                               goto done;
+                       }
                        cbp->regex = malloc(strlen(regex) + 1);
                        if (cbp->regex) {
                                strcpy(cbp->regex, regex);