From 4ac9f546120d42be8147e3d90588e7b9738af0cc Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Thu, 28 May 2015 18:03:51 +0200
Subject: [PATCH] BUG/MEDIUM: cfgparse: segfault when userlist is misused

If the 'userlist' keyword parsing returns an error and no userlist were previously created. The parsing of 'user' and 'group' leads to NULL derefence. The userlist pointer is now tested to prevent this issue.
---
 src/cfgparse.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 154802eeb..de88d841c 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6144,6 +6144,9 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
 goto out;
 }
+ if (!userlist)
+ goto out;
+
 for (ag = userlist->groups; ag; ag = ag->next)
 if (!strcmp(ag->name, args[1])) {
 Warning("parsing [%s:%d]: ignoring duplicated group '%s' in userlist '%s'.\n",
@@ -6194,6 +6197,8 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm)
 err_code |= ERR_ALERT | ERR_FATAL;
 goto out;
 }
+ if (!userlist)
+ goto out;
 for (newuser = userlist->users; newuser; newuser = newuser->next)
 if (!strcmp(newuser->user, args[1])) {
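Review bot: The new `if (!userlist) goto out;` guard in the group branch (hunk at -6144) leaves without an Alert and without touching `err_code`, unlike the error path just above it in the second hunk, which sets `err_code |= ERR_ALERT | ERR_FATAL;` before jumping. The same applies to the identical guard in the user branch (hunk at -6194). If the only way to reach here with a NULL `userlist` is a `userlist` line that already failed with a fatal error, say so in a comment such as `/* userlist creation failed earlier and was already reported as fatal */`, so a reader does not take this for a silently ignored credential entry. If some other path can leave `userlist` NULL without a prior fatal error (not visible here), the guard should set `err_code |= ERR_ALERT | ERR_FATAL;` and emit an Alert instead. The body of `cfg_parse_users` and the `out` label are outside both hunks, so what is returned on this path is inferred.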