From b05683c7cbf1248560d42ef76ee9e3c6e5923562 Mon Sep 17 00:00:00 2001
From: xiacong <xiacong4@huawei.com>
Date: Fri, 25 Nov 2022 11:17:27 +0800
Subject: [PATCH] =?UTF-8?q?<fix>=20=E4=BF=AE=E5=A4=8D=E5=91=8A=E8=AD=A6?=
 =?UTF-8?q?=EF=BC=8C=E6=A3=80=E6=9F=A5=E5=85=A5=E5=8F=82=E6=8C=87=E9=92=88?=
 =?UTF-8?q?=E6=98=AF=E5=90=A6=E4=B8=BA=E7=A9=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: xiacong <xiacong4@huawei.com>
---
 services/modules/seccomp/seccomp_policy.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/services/modules/seccomp/seccomp_policy.c b/services/modules/seccomp/seccomp_policy.c
index 1b25b0c8..8d9f5b7e 100644
--- a/services/modules/seccomp/seccomp_policy.c
+++ b/services/modules/seccomp/seccomp_policy.c
@@ -61,6 +61,10 @@ static bool IsSupportFilterFlag(unsigned int filterFlag)
 
 static bool InstallSeccompPolicy(const struct sock_filter* filter, size_t filterSize, unsigned int filterFlag)
 {
+    if (filter == NULL) {
+        return false;
+    }
+
     unsigned int flag = 0;
     struct sock_fprog prog = {
         (unsigned short)filterSize,
@@ -105,6 +109,11 @@ static char *GetFilterFileByName(const char *filterName)
 static int GetSeccompPolicy(const char *filterName, int **handler,
                             char *filterLibRealPath, struct sock_fprog *prog)
 {
+    if (filterName == NULL || filterLibRealPath == NULL || \
+        handler == NULL || prog == NULL) {
+        return INPUT_ERROR;
+    }
+
     char filterVaribleName[PATH_MAX] = {0};
     struct sock_filter *filter = NULL;
     size_t *filterSize = NULL;
@@ -156,6 +165,10 @@ static int GetSeccompPolicy(const char *filterName, int **handler,
 
 bool SetSeccompPolicyWithName(const char *filterName)
 {
+    if (filterName == NULL) {
+        return false;
+    }
+
     void *handler = NULL;
     char *filterLibRealPath = NULL;
     struct sock_fprog prog;
-- 
GitLab