From 128059b926b3c34bbb364dcacd8d0511ff906be8 Mon Sep 17 00:00:00 2001
From: Rabin Vincent <rabin@rab.in>
Date: Wed, 29 Oct 2014 23:21:40 +0100
Subject: [PATCH] hush: fix segfault on syntax error

Hush segfaults if it sees a syntax error while attempting to parse a command:

$ ./u-boot -c "'"
...
syntax error
Segmentation fault (core dumped)

This is due to a NULL pointer dereference of in_str->p in static_peek(). The problem is that the exit condition for the loop in parse_stream_outer() checks for rcode not being -1, but rcode is only ever 0 or 1.

Signed-off-by: Rabin Vincent <rabin@rab.in>
Acked-by: Simon Glass <sjg@chromium.org)
Tested-by: Simon Glass <sjg@chromium.org)
---
 common/cli_hush.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/cli_hush.c b/common/cli_hush.c
index 9607e93d513..a07ae717e14 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3217,7 +3217,7 @@ static int parse_stream_outer(struct in_str *inp, int flag)
 }
 b_free(&temp);
 /* loop on syntax errors, return on EOF */
- } while (rcode != -1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
+ } while (rcode != 1 && !(flag & FLAG_EXIT_FROM_LOOP) &&
 (inp->peek != static_peek || b_peek(inp)));
 #ifndef __U_BOOT__
 return 0;
--
GitLab
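Review bot: The context comment directly above the changed condition, `/* loop on syntax errors, return on EOF */`, now contradicts the code: with `rcode != 1` the loop stops as soon as rcode is 1, which the commit message implies is the syntax-error value. I would reword it to something like `/* stop on syntax error (rcode == 1) or EOF; continuing would reach static_peek() with in_str->p == NULL */`, so a later reader does not restore the old test and bring back the crash on malformed input. The bare `1` is also worth a named constant or a short note, since the fix depends on rcode only ever being 0 or 1. The loop body and the function's other return paths are outside this hunk, so it cannot be judged here whether the `return 0` under `#ifndef __U_BOOT__` hides the error from callers, or whether static_peek() itself should also guard against a NULL `p`.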