[PATCH V2] [nfs/nfs-utils/libtirpc] clnt_raw.c: fix a possible null pointer... | linux-nfs

[PATCH V2] [nfs/nfs-utils/libtirpc] clnt_raw.c: fix a possible null pointer dereference

From: Zhi Li <hidden>
Date: 2022-10-28 09:11:57
Subsystem: the rest · Maintainer: Linus Torvalds

Since clntraw_private could be dereferenced before
allocated, protect it by checking its value in advance.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2138317
Signed-off-by: Zhi Li <redacted>
---
 src/clnt_raw.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/clnt_raw.c b/src/clnt_raw.c
index 31f9d0c..03f839d 100644
--- a/src/clnt_raw.c
+++ b/src/clnt_raw.c

@@ -142,7 +142,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
 	struct timeval timeout;
 {
 	struct clntraw_private *clp = clntraw_private;
-	XDR *xdrs = &clp->xdr_stream;
+	XDR *xdrs;
 	struct rpc_msg msg;
 	enum clnt_stat status;
 	struct rpc_err error;

@@ -154,6 +154,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
 		mutex_unlock(&clntraw_lock);
 		return (RPC_FAILED);
 	}
+	xdrs = &clp->xdr_stream;
 	mutex_unlock(&clntraw_lock);
 
 call_again:

@@ -245,7 +246,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
 	void *res_ptr;
 {
 	struct clntraw_private *clp = clntraw_private;
-	XDR *xdrs = &clp->xdr_stream;
+	XDR *xdrs;
 	bool_t rval;
 
 	mutex_lock(&clntraw_lock);

@@ -254,6 +255,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
 		mutex_unlock(&clntraw_lock);
 		return (rval);
 	}
+	xdrs = &clp->xdr_stream;
 	mutex_unlock(&clntraw_lock);
 	xdrs->x_op = XDR_FREE;
 	return ((*xdr_res)(xdrs, res_ptr));

-- 
2.37.3

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help