From db78c8e46847bf5092ba0a42d2c44a64ddf7f1d3 Mon Sep 17 00:00:00 2001 From: Geoffrey McRae Date: Sun, 30 Jan 2022 19:56:06 +1100 Subject: [PATCH] [common] option: fix bounds check in the argument parser. The recent `pwnkit` exploit brought this to my attention, not that we are a setuid process we should still do this properly... who knows where this code might get used in the future. --- common/src/option.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/src/option.c b/common/src/option.c index 1876a6af..f7b2dc8c 100644 --- a/common/src/option.c +++ b/common/src/option.c @@ -272,6 +272,9 @@ static bool option_set(struct Option * opt, const char * value) bool option_parse(int argc, char * argv[]) { + if (argc < 1) + return true; + for(int a = 1; a < argc; ++a) { struct Option * o = NULL;