lib: cli: don't run off graph "pre-end"

Behind END_TKN, there is another graph node whose data pointer is actually struct cmd_element instead of struct cmd_token. Don't try to interpret that as cmd_token. This causes very interesting crashes when ASLR decides to give one of the strings of a command definition a lower 32-bit value that is a valid cmd_token_type (e.g. FORK_TKN). Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
author: David Lamparter <equinox@opensourcerouting.org> 2017-08-07 15:05:34 +0200
committer: David Lamparter <equinox@opensourcerouting.org> 2017-08-07 15:05:34 +0200
commit: 5225e155d38c58e5dc1f48f9b183142f6745f90c (patch)
tree: addb3ea840498f6426c334bd413852721d6618b3 /lib/command_graph.c
parent: 9b0a8efa465aac570b076540490f123a1ec80f08 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/command_graph.c b/lib/command_graph.c
index 3efa4d5cfc..dc7233c1fe 100644
--- a/lib/command_graph.c
+++ b/lib/command_graph.c
@@ -385,7 +385,6 @@ static void cmd_node_names(struct graph_node *gn, struct graph_node *join,
 		break;
 
 	case START_TKN:
-	case END_TKN:
 	case JOIN_TKN:
 		/* "<foo|bar> WORD" -> word is not "bar" or "foo" */
 		prevname = NULL;
@@ -405,6 +404,9 @@ static void cmd_node_names(struct graph_node *gn, struct graph_node *join,
 			cmd_token_varname_set(tailtok, jointok->varname);
 		}
 		break;
+
+	case END_TKN:
+		return;
 	}
 
 	for (i = 0; i < vector_active(gn->to); i++) {
author	David Lamparter <equinox@opensourcerouting.org>	2017-08-07 15:05:34 +0200
committer	David Lamparter <equinox@opensourcerouting.org>	2017-08-07 15:05:34 +0200
commit	5225e155d38c58e5dc1f48f9b183142f6745f90c (patch)
tree	addb3ea840498f6426c334bd413852721d6618b3 /lib/command_graph.c
parent	9b0a8efa465aac570b076540490f123a1ec80f08 (diff)