From 7e1e9fe2bd93d2af0fe8a7ce25388d302dcc96ff Mon Sep 17 00:00:00 2001
From: David Bauer <mail@david-bauer.net>
Date: Mon, 14 Jun 2021 11:08:38 +0200
Subject: [PATCH] gluon-mesh-vpn-core: avoid reading null pointer

In case the limit_ingress or limit_egress options are not present in
gluon's mesh_vpn section the respondd provider compares a string literal
with a NULL pointer, crashing respondd.

Check both pointers prior to comparing them in order to mitigate this
issue.

Suggested-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
---
 package/gluon-mesh-vpn-core/src/respondd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/gluon-mesh-vpn-core/src/respondd.c b/package/gluon-mesh-vpn-core/src/respondd.c
index a643319c..8f11a35f 100644
--- a/package/gluon-mesh-vpn-core/src/respondd.c
+++ b/package/gluon-mesh-vpn-core/src/respondd.c
@@ -60,11 +60,11 @@ static struct json_object * get_bandwidth_limit(void) {
 	enabled = true;
 
 	const char *egress_str = uci_lookup_option_string(ctx, s, "limit_egress");
-	if (strcmp(egress_str, "-"))
+	if (egress_str && strcmp(egress_str, "-"))
 		egress = atoi(egress_str);
 
 	const char *ingress_str = uci_lookup_option_string(ctx, s, "limit_ingress");
-	if (strcmp(ingress_str, "-"))
+	if (ingress_str && strcmp(ingress_str, "-"))
 		ingress = atoi(ingress_str);
 
 	if (egress >= 0)