FreeBSD Bugzilla – Attachment 231294 Details for Bug 261454: Fix a possible Null pointer dereference about svc_xprt_alloc()
[patch] A simple fix for this bug
0001-Fix-a-possible-Null-pointer-dereference-about-svc_xp.patch (text/plain), 1.66 KB, created by Zhou Qingyang on 2022-01-25 04:18:40 UTC
>From 06de85eaa2ef1b4a4b102304cfe9170dfacef895 Mon Sep 17 00:00:00 2001 >From: Zhou Qingyang <zhou1615@umn.edu> >Date: Tue, 25 Jan 2022 12:13:51 +0800 >Subject: [PATCH] Fix a possible Null pointer dereference about > svc_xprt_alloc() > >In sys/rpc/svc_vc.c() file, the return value of svc_xprt_alloc() is not > checked before the dereference in svc_vc_create_conn() function, > svc_vc_create_backchannel() function and svc_vc_create(). >svc_xprt_alloc() could return NULL on failure of allocation, > which could lead to NULL pointer dereference. > >Fix this bugs by adding checks of svc_xprt_alloc() in all three functions. > >This bug is found by static analyzer, please advise. > >Signed-off-by: Zhou Qingyang <zhou1615@umn.edu> >--- > sys/rpc/svc_vc.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/sys/rpc/svc_vc.c b/sys/rpc/svc_vc.c >index b94137ef108..45379c7fc0f 100644 >--- a/sys/rpc/svc_vc.c >+++ b/sys/rpc/svc_vc.c >@@ -170,6 +170,8 @@ svc_vc_create(SVCPOOL *pool, struct socket *so, size_t sendsize, > SOCK_UNLOCK(so); > > xprt = svc_xprt_alloc(); >+ if (!xprt) >+ return (NULL); > sx_init(&xprt->xp_lock, "xprt->xp_lock"); > xprt->xp_pool = pool; > xprt->xp_socket = so; >@@ -246,6 +248,8 @@ svc_vc_create_conn(SVCPOOL *pool, struct socket *so, struct sockaddr *raddr) > cd->strm_stat = XPRT_IDLE; > > xprt = svc_xprt_alloc(); >+ if (!xprt) >+ return (NULL); > sx_init(&xprt->xp_lock, "xprt->xp_lock"); > xprt->xp_pool = pool; > xprt->xp_socket = so; >@@ -307,6 +311,8 @@ svc_vc_create_backchannel(SVCPOOL *pool) > cd->strm_stat = XPRT_IDLE; > > xprt = svc_xprt_alloc(); >+ if (!xprt) >+ return (NULL); > sx_init(&xprt->xp_lock, "xprt->xp_lock"); > xprt->xp_pool = pool; > xprt->xp_socket = NULL; >-- >2.25.1 >
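Review bot: in the svc_vc_create() hunk, the new test is written as `if (!xprt)`; style(9) asks for an explicit comparison when testing pointers, so `if (xprt == NULL)` is preferred here and in the two hunks that follow. The early return also sits after `SOCK_UNLOCK(so);`, so please confirm that nothing done to the socket before this point needs to be undone on the new path. The diff does not show svc_xprt_alloc() itself, so the commit message should say which allocation inside it can fail, since that decides whether this path is reachable at all.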
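Review bot: in the svc_vc_create_conn() hunk, the added `return (NULL);` comes after `cd->strm_stat = XPRT_IDLE;`, so cd has already been set up when the function bails out. If cd is allocated earlier in this function, the early return leaks it; release cd before returning, or move the svc_xprt_alloc() call and its check ahead of the cd setup. Callers of svc_vc_create_conn() also need to be checked for handling a NULL return, which the patch does not touch.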
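Review bot: in the svc_vc_create_backchannel() hunk, the early return has the same shape as in svc_vc_create_conn(): it follows `cd->strm_stat = XPRT_IDLE;` and returns without releasing cd. If cd is allocated in this function, free it on the failure path. A short comment or a note in the commit message on what callers should do when svc_vc_create_backchannel() returns NULL would help, since the diff changes only sys/rpc/svc_vc.c and no call site.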