hush: fix segfault on syntax error

Hush segfaults if it sees a syntax error while attempting to parse a command: $ ./u-boot -c "'" ... syntax error Segmentation fault (core dumped) This is due to a NULL pointer dereference of in_str->p in static_peek(). The problem is that the exit condition for the loop in parse_stream_outer() checks for rcode not being -1, but rcode is only ever 0 or 1. Signed-off-by: Rabin Vincent <rabin@rab.in> Acked-by: Simon Glass <sjg@chromium.org) Tested-by: Simon Glass <sjg@chromium.org)
author: Rabin Vincent <rabin@rab.in> 2014-10-29 23:21:40 +0100
committer: Tom Rini <trini@ti.com> 2014-11-07 16:27:06 -0500
commit: 128059b926b3c34bbb364dcacd8d0511ff906be8 (patch)
tree: 5aad33bca41205ea21577dfaddceb01858e87ddb
parent: 484408fb5194586b6ba6251f15cbae0c445c3bf5 (diff)
download: u-boot-imx-128059b926b3c34bbb364dcacd8d0511ff906be8.zip
u-boot-imx-128059b926b3c34bbb364dcacd8d0511ff906be8.tar.gz
u-boot-imx-128059b926b3c34bbb364dcacd8d0511ff906be8.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/common/cli_hush.c b/common/cli_hush.c
index 9607e93..a07ae71 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3217,7 +3217,7 @@ static int parse_stream_outer(struct in_str *inp, int flag)
 		}
 		b_free(&temp);
 	/* loop on syntax errors, return on EOF */
-	} while (rcode != -1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
+	} while (rcode != 1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
 		(inp->peek != static_peek || b_peek(inp)));
 #ifndef __U_BOOT__
 	return 0;
author	Rabin Vincent <rabin@rab.in>	2014-10-29 23:21:40 +0100
committer	Tom Rini <trini@ti.com>	2014-11-07 16:27:06 -0500
commit	128059b926b3c34bbb364dcacd8d0511ff906be8 (patch)
tree	5aad33bca41205ea21577dfaddceb01858e87ddb
parent	484408fb5194586b6ba6251f15cbae0c445c3bf5 (diff)
download	u-boot-imx-128059b926b3c34bbb364dcacd8d0511ff906be8.zip u-boot-imx-128059b926b3c34bbb364dcacd8d0511ff906be8.tar.gz u-boot-imx-128059b926b3c34bbb364dcacd8d0511ff906be8.tar.bz2