From e65de9d9824d3b5379b9f57139d753a1d566f921 Mon Sep 17 00:00:00 2001
From: bz <bz@FreeBSD.org>
Date: Thu, 11 Dec 2008 01:04:25 +0000
Subject: Correctly check the number of prison states to not access anything
 outside the prison_states array. When checking if there is a name configured
 for the prison, check the first character to not be '\0' instead of checking
 if the char array is present, which it always is. Note, that this is
 different for the *jailname in the syscall.

Found with:	Coverity Prevent(tm)
CID:		4156, 4155
MFC after:	4 weeks (just that I get the mail)
---
 usr.sbin/jexec/jexec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr.sbin/jexec')

diff --git a/usr.sbin/jexec/jexec.c b/usr.sbin/jexec/jexec.c
index 69bc8f0..9d788dd 100644
--- a/usr.sbin/jexec/jexec.c
+++ b/usr.sbin/jexec/jexec.c
@@ -80,13 +80,13 @@ char *lookup_xprison_v3(void *p, char *end, int *id, char *jailname)
 	ok = 1;
 
 	/* Jail state and name. */
-	if (xp->pr_state < 0 || xp->pr_state >
+	if (xp->pr_state < 0 || xp->pr_state >=
 	    (int)((sizeof(prison_states) / sizeof(struct prison_state))))
 		errx(1, "Invalid jail state.");
 	else if (xp->pr_state != PRISON_STATE_ALIVE)
 		ok = 0;
 	if (jailname != NULL) {
-		if (xp->pr_name == NULL)
+		if (xp->pr_name[0] == '\0')
 			ok = 0;
 		else if (strcmp(jailname, xp->pr_name) != 0)
 			ok = 0;
-- 
cgit v1.1