In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to
avoid NULL pointer dereference.
Signed-off-by: Kangjie Lu <[email protected]>
---
drivers/scsi/qla4xxx/ql4_os.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
index a77bfb224248..80289c885c07 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -3203,6 +3203,8 @@ static int qla4xxx_conn_bind(struct iscsi_cls_session *cls_session,
if (iscsi_conn_bind(cls_session, cls_conn, is_leading))
return -EINVAL;
ep = iscsi_lookup_endpoint(transport_fd);
+ if (!ep)
+ return -EINVAL;
conn = cls_conn->dd_data;
qla_conn = conn->dd_data;
qla_conn->qla_ep = ep->dd_data;
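Review bot: the new `return -EINVAL` sits after `iscsi_conn_bind(cls_session, cls_conn, is_leading)` has already succeeded, so when the lookup fails the function exits with the connection bound and nothing in this hunk undoes that. Consider moving the `ep = iscsi_lookup_endpoint(transport_fd);` call and the `if (!ep)` check above the `iscsi_conn_bind()` call, so the error path has no state to unwind. If the order has to stay, the commit message should say why returning with the bind in place is safe.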
--
2.17.1
On 3/14/19 1:30 AM, Kangjie Lu wrote:
> In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to
> avoid NULL pointer dereference.
>
> Signed-off-by: Kangjie Lu <[email protected]>
> ---
> drivers/scsi/qla4xxx/ql4_os.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
> index a77bfb224248..80289c885c07 100644
> --- a/drivers/scsi/qla4xxx/ql4_os.c
> +++ b/drivers/scsi/qla4xxx/ql4_os.c
> @@ -3203,6 +3203,8 @@ static int qla4xxx_conn_bind(struct iscsi_cls_session *cls_session,
> if (iscsi_conn_bind(cls_session, cls_conn, is_leading))
> return -EINVAL;
> ep = iscsi_lookup_endpoint(transport_fd);
> + if (!ep)
> + return -EINVAL;
> conn = cls_conn->dd_data;
> qla_conn = conn->dd_data;
> qla_conn->qla_ep = ep->dd_data;
Gentle reminder, could someone please review this?
> -----Original Message-----
> From: [email protected] <linux-scsi-
> [email protected]> On Behalf Of Kangjie Lu
> Sent: Thursday, March 14, 2019 12:01 PM
> To: [email protected]
> Cc: [email protected]; [email protected]; James E.J.
> Bottomley <[email protected]>; Martin K. Petersen
> <[email protected]>; [email protected]; linux-
> [email protected]
> Subject: [PATCH] scsi: qla4xxx: fix a potential NULL pointer dereference
>
> In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to avoid NULL
> pointer dereference.
>
> Signed-off-by: Kangjie Lu <[email protected]>
> ---
> drivers/scsi/qla4xxx/ql4_os.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
> index a77bfb224248..80289c885c07 100644
> --- a/drivers/scsi/qla4xxx/ql4_os.c
> +++ b/drivers/scsi/qla4xxx/ql4_os.c
> @@ -3203,6 +3203,8 @@ static int qla4xxx_conn_bind(struct
> iscsi_cls_session *cls_session,
> if (iscsi_conn_bind(cls_session, cls_conn, is_leading))
> return -EINVAL;
> ep = iscsi_lookup_endpoint(transport_fd);
> + if (!ep)
> + return -EINVAL;
> conn = cls_conn->dd_data;
> qla_conn = conn->dd_data;
> qla_conn->qla_ep = ep->dd_data;
> --
> 2.17.1
Thanks
Acked-by: Manish Rangankar <[email protected]>
Kangjie,
> In case iscsi_lookup_endpoint fails, the fix returns -EINVAL to avoid
> NULL pointer dereference.
Applied to 5.1/scsi-fixes, thanks.
--
Martin K. Petersen Oracle Linux Engineering