[U-Boot] [PATCH] Removed possible null dereference by wrapping 'strchr' with 'if'.

[Niv]

Signed-off-by: Niv Shetrit <niv.shetrit at altair-semi.com>
---
 common/cli_hush.c | 80 +++++++++++++++++++++++++++--------------------
 1 file changed, 46 insertions(+), 34 deletions(-)

diff --git a/common/cli_hush.c b/common/cli_hush.c
index 8f86e4aa4a..a9588bbef2 100644
--- a/common/cli_hush.c
+++ b/common/cli_hush.c
@@ -3539,41 +3539,53 @@ static char *insert_var_value_sub(char *inp, int tag_subst)
 		}
 		inp = ++p;
 		/* find the ending marker */
-		p = strchr(inp, SPECIAL_VAR_SYMBOL);
-		*p = '\0';
-		/* look up the value to substitute */
-		if ((p1 = lookup_param(inp))) {
-			if (tag_subst)
-				len = res_str_len + strlen(p1) + 2;
-			else
-				len = res_str_len + strlen(p1);
-			res_str = xrealloc(res_str, (1 + len));
-			if (tag_subst) {
-				/*
-				 * copy the variable value to the result
-				 * string
-				 */
-				strcpy((res_str + res_str_len + 1), p1);
-
-				/*
-				 * mark the replaced text to be accepted as
-				 * is
-				 */
-				res_str[res_str_len] = SUBSTED_VAR_SYMBOL;
-				res_str[res_str_len + 1 + strlen(p1)] =
-					SUBSTED_VAR_SYMBOL;
-			} else
-				/*
-				 * copy the variable value to the result
-				 * string
-				 */
-				strcpy((res_str + res_str_len), p1);
-
-			res_str_len = len;
-		}
-		*p = SPECIAL_VAR_SYMBOL;
+		while ((p = strchr(inp, SPECIAL_VAR_SYMBOL))) {
+		/* check the beginning of the string for normal characters */
+		if (p != inp) {
+			/* copy any characters to the result string */
+			len = p - inp;
+			res_str = xrealloc(res_str, (res_str_len + len));
+			strncpy((res_str + res_str_len), inp, len);
+			res_str_len += len;
+		}
 		inp = ++p;
-		done = 1;
+		/* find the ending marker */
+		if ((p = strchr(inp, SPECIAL_VAR_SYMBOL))) {
+			*p = '\0';
+			/* look up the value to substitute */
+			if ((p1 = lookup_param(inp))) {
+				if (tag_subst)
+					len = res_str_len + strlen(p1) + 2;
+				else
+					len = res_str_len + strlen(p1);
+				res_str = xrealloc(res_str, (1 + len));
+				if (tag_subst) {
+					/*
+					 * copy the variable value to the result
+					 * string
+					 */
+					strcpy((res_str + res_str_len + 1), p1);
+
+					/*
+					 * mark the replaced text to be accepted as
+					 * is
+					 */
+					res_str[res_str_len] = SUBSTED_VAR_SYMBOL;
+					res_str[res_str_len + 1 + strlen(p1)] =
+						SUBSTED_VAR_SYMBOL;
+				} else
+					/*
+					 * copy the variable value to the result
+					 * string
+					 */
+					strcpy((res_str + res_str_len), p1);
+
+				res_str_len = len;
+			}
+			*p = SPECIAL_VAR_SYMBOL;
+			inp = ++p;
+			done = 1;
+		}
 	}
 	if (done) {
 		res_str = xrealloc(res_str, (1 + res_str_len + strlen(inp)));
-- 
2.17.1