From a95070733f068f9fa1f9e06ec98426164bedecc4 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Tue, 15 Jan 2013 14:59:47 -0500 Subject: Fix bad loop condition within get_devices() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit get_devices() includes this loop: char buffer[256]; ...snip... char *end = buffer; ...snip... while (end && *end != ':') end++; The condition "end" within the while guard will always be true, given that buffer is on the stack and thus will never be near the zero value. It should be *end instead, to check for the NUL terminator byte: this code will likely crash if the string does not contain a colon character. This appears to have been present in the initial commit of the code (8d6ad996f5d60d569532cdba4febb19c69bdf488) Found by Braňo Náter using the "cppcheck" static analyzer. --- python-ethtool/ethtool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-ethtool/ethtool.c b/python-ethtool/ethtool.c index b31f609..d377531 100644 --- a/python-ethtool/ethtool.c +++ b/python-ethtool/ethtool.c @@ -129,7 +129,7 @@ static PyObject *get_devices(PyObject *self __unused, PyObject *args __unused) if (fgets(buffer, 256, fd) == NULL) break; /* find colon */ - while (end && *end != ':') + while (*end && *end != ':') end++; *end = 0; /* terminate where colon was */ while (*name == ' ') -- cgit