From: Heloise <os@iscas.ac.cn>
To: philipp.reisner@linbit.com, lars.ellenberg@linbit.com
Cc: drbd-dev@lists.linbit.com, linux-kernel@vger.kernel.org,
        Heloise <os@iscas.ac.cn>
Subject: [PATCH] drivers:block:drbd:drbd_state:fix null-pointer dereference
Date: Mon, 24 Apr 2017 23:35:18 -0700
Message-Id: <1493102118-8086-1-git-send-email-os@iscas.ac.cn>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 906
Lines: 26

Signed-off-by: Heloise <os@iscas.ac.cn>

In is_valid_state(), there is NULL validation for the variable nc
"if (nc)". However,the code will continue to execute when nc is NULL.
nc->verify_alg[0] is used in subsequent code, which may cause
null-pointer dereference, fix it.
---
 drivers/block/drbd/drbd_state.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/block/drbd/drbd_state.c b/drivers/block/drbd/drbd_state.c
index eea0c4a..1963b83 100644
--- a/drivers/block/drbd/drbd_state.c
+++ b/drivers/block/drbd/drbd_state.c
@@ -845,7 +845,7 @@ is_valid_state(struct drbd_device *device, union drbd_state ns)
 		rv = SS_CONNECTED_OUTDATES;
 
 	else if ((ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
-		 (nc->verify_alg[0] == 0))
+		 (nc != NULL && nc->verify_alg[0] == 0))
 		rv = SS_NO_VERIFY_ALG;
 
 	else if ((ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
-- 
2.1.0