diff options
| author | Shwetha K Acharya <sacharya@redhat.com> | 2018-09-14 10:27:56 +0530 |
|---|---|---|
| committer | Amar Tumballi <amarts@redhat.com> | 2018-09-17 12:23:09 +0000 |
| commit | f2137d4c84c035ed320f959dc39e07c6a1516afb (patch) | |
| tree | 14b7f6ae15ff9d5b122bce78ab5142f33399eaaa /xlators | |
| parent | f7f281900b3c87e3626d79bd9599c905faaf11ed (diff) | |
protocol/server: NULL pointer dereferencing clang fix
Problem: Access to field fop_length results in null pointer dereferencing.
Solution: Added condition checks fix the issue.
Change-Id: Id408e3ac62ea9574f0cd9aecce5434add09eb7d0
Updates: bz#1622665
Signed-off-by: Shwetha K Acharya <sacharya@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/protocol/server/src/server-rpc-fops.c | 9 | ||||
| -rw-r--r-- | xlators/protocol/server/src/server-rpc-fops_v2.c | 9 |
2 files changed, 14 insertions, 4 deletions
diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c index c621743fa06..9631c353f69 100644 --- a/xlators/protocol/server/src/server-rpc-fops.c +++ b/xlators/protocol/server/src/server-rpc-fops.c @@ -2292,6 +2292,11 @@ server_compound_cbk(call_frame_t *frame, void *cookie, xlator_t *this, /* TODO: I assume a single 10MB payload is large, if not, we need to agree to valid payload */ + if (!args_cbk) { + op_ret = -1; + goto out; + } + if ((args_cbk->fop_length <= 0) || ((args_cbk->fop_length > (10 * 1024 * 1024)))) { op_ret = -1; @@ -2326,8 +2331,8 @@ out: server_submit_reply(frame, req, &rsp, NULL, 0, NULL, (xdrproc_t)xdr_gfs3_compound_rsp); - - server_compound_rsp_cleanup(&rsp, args_cbk); + if (args_cbk) + server_compound_rsp_cleanup(&rsp, args_cbk); GF_FREE(rsp.xdata.xdata_val); return 0; diff --git a/xlators/protocol/server/src/server-rpc-fops_v2.c b/xlators/protocol/server/src/server-rpc-fops_v2.c index 21df9021c66..f921a22df86 100644 --- a/xlators/protocol/server/src/server-rpc-fops_v2.c +++ b/xlators/protocol/server/src/server-rpc-fops_v2.c @@ -5944,6 +5944,11 @@ server4_compound_cbk(call_frame_t *frame, void *cookie, xlator_t *this, /* TODO: I assume a single 10MB payload is large, if not, we need to agree to valid payload */ + if (!args_cbk) { + op_ret = -1; + goto out; + } + if ((args_cbk->fop_length <= 0) || ((args_cbk->fop_length > (10 * 1024 * 1024)))) { op_ret = -1; @@ -5978,8 +5983,8 @@ out: server_submit_reply(frame, req, &rsp, NULL, 0, NULL, (xdrproc_t)xdr_gfx_compound_rsp); - - server_compound_rsp_cleanup_v2(&rsp, args_cbk); + if (args_cbk) + server_compound_rsp_cleanup_v2(&rsp, args_cbk); GF_FREE(rsp.xdata.pairs.pairs_val); return 0; |