input (mainly cmdline) parsing corrections

[PATCH 3/5] ns16550: harden name/value pair parsing

Posted by Jan Beulich 1 week, 4 days ago

strsep(), unless passed a 1st argument which itself points at a NULL
pointer, won't return NULL. Instead if the separator(s) looked for isn't
found, that pointed-to field would be updated to hold NULL. Hence the
important check in get_token() is for token to be non-NULL after the call
(which get_token()'s callers rely upon), while the checking of param_name
is left there just in case.

Fixes: 97fd49a7e074 ("ns16550: add support for UART parameters to be specifed with name-value pairs")
Reported-by: Kamil Frankowicz <kamil.frankowicz@cert.pl>
Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/drivers/char/ns16550.c
+++ b/xen/drivers/char/ns16550.c
@@ -1466,7 +1466,7 @@ static enum __init serial_param_type get
     unsigned int i;
 
     param_name = strsep(&token, "=");
-    if ( param_name == NULL )
+    if ( !param_name || !token )
         return num_serial_params;
 
     /* Linear search for the parameter. */

[PATCH 1/5] EFI: avoid OOB config file reads
[PATCH 2/5] llc-coloring: improve checking while parsing
[PATCH 3/5] ns16550: harden name/value pair parsing
[PATCH 4/5] ns16550: harden positional parsing
[PATCH 5/5] video/vesa: harden font height parsing