From 31f0765afd61f55b1dd2cdb62ec1968efca19690 Mon Sep 17 00:00:00 2001
From: Justinas Grauslis <justinas@8devices.com>
Date: Mon, 8 Jul 2019 11:01:09 +0300
Subject: [PATCH] procd: check strchr() result before using it

Subtracting some address from NULL does not necessary
results in negative value. It's lower level dependent.

In our case (IPQ4019 + Yocto + meta-openwrt) subtracting
token address from NULL strchr() return value results in
large positive number which causes out-of-boundary memory
access and eventually a segfault.

Signed-off-by: Justinas Grauslis <justinas@8devices.com>
---
 utils/utils.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/utils/utils.c b/utils/utils.c
index c5b9513..8d76129 100644
--- a/utils/utils.c
+++ b/utils/utils.c
@@ -150,8 +150,11 @@ char* get_cmdline_val(const char* name, char* out, int len)
 	for (c = strtok_r(line, " \t\n", &sptr); c;
 			c = strtok_r(NULL, " \t\n", &sptr)) {
 		char *sep = strchr(c, '=');
+		if (sep == NULL)
+			continue;
+
 		ssize_t klen = sep - c;
-		if (klen < 0 || strncmp(name, c, klen) || name[klen] != 0)
+		if (strncmp(name, c, klen) || name[klen] != 0)
 			continue;
 
 		strncpy(out, &sep[1], len);
-- 
2.30.2