Re: [PATCH V2] [nfs/nfs-utils/libtirpc] clnt_raw.c: fix a possible null... | linux-nfs

Re: [PATCH V2] [nfs/nfs-utils/libtirpc] clnt_raw.c: fix a possible null pointer dereference

From: Steve Dickson <hidden>
Date: 2022-10-28 18:49:33


On 10/28/22 5:10 AM, Zhi Li wrote:

Since clntraw_private could be dereferenced before
allocated, protect it by checking its value in advance.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2138317
Signed-off-by: Zhi Li <redacted>

Committed...

steved.

quoted hunk ↗ jump to hunk

---
  src/clnt_raw.c | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/clnt_raw.c b/src/clnt_raw.c
index 31f9d0c..03f839d 100644
--- a/src/clnt_raw.c
+++ b/src/clnt_raw.c

@@ -142,7 +142,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
  	struct timeval timeout;
  {
  	struct clntraw_private *clp = clntraw_private;
-	XDR *xdrs = &clp->xdr_stream;
+	XDR *xdrs;
  	struct rpc_msg msg;
  	enum clnt_stat status;
  	struct rpc_err error;

@@ -154,6 +154,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
  		mutex_unlock(&clntraw_lock);
  		return (RPC_FAILED);
  	}
+	xdrs = &clp->xdr_stream;
  	mutex_unlock(&clntraw_lock);
  
  call_again:

@@ -245,7 +246,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
  	void *res_ptr;
  {
  	struct clntraw_private *clp = clntraw_private;
-	XDR *xdrs = &clp->xdr_stream;
+	XDR *xdrs;
  	bool_t rval;
  
  	mutex_lock(&clntraw_lock);

@@ -254,6 +255,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
  		mutex_unlock(&clntraw_lock);
  		return (rval);
  	}
+	xdrs = &clp->xdr_stream;
  	mutex_unlock(&clntraw_lock);
  	xdrs->x_op = XDR_FREE;
  	return ((*xdr_res)(xdrs, res_ptr));

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help