From patchwork Thu Mar 31 13:32:53 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Chestnyh
X-Patchwork-Id: 52527
From: Dmitry Chestnyh To: Subject: [PATCH] [sunrpc] Fix possible null-pointer dereference. Date: Thu, 31 Mar 2022 16:32:53 +0300 Message-ID: <20220331133253.351748-1-d.chestnyh@omp.ru> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [192.168.11.198] X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To LFEX1912.lancloud.ru (fd00:f066::166) X-Spam-Status: No, score=-13.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, T_SCC_BODY_TEXT_LINE, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dmitry Chestnyh Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" This issue was found by SVACE static analyzer. In clntunix_call function there are no obvious checks of xdr_results ptr value. And seems that we can't be sure that this pointer isn't NULL. --- sunrpc/clnt_unix.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sunrpc/clnt_unix.c b/sunrpc/clnt_unix.c index 33a02cc8af..8c303d3ef6 100644 --- a/sunrpc/clnt_unix.c +++ b/sunrpc/clnt_unix.c @@ -278,6 +278,7 @@ call_again: _seterr_reply (&reply_msg, &(ct->ct_error)); if (ct->ct_error.re_status == RPC_SUCCESS) { + assert(xdr_results != NULL); if (!AUTH_VALIDATE (h->cl_auth, &reply_msg.acpted_rply.ar_verf)) { ct->ct_error.re_status = RPC_AUTHERROR;
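Review bot: In the `@@ -278,6 +278,7 @@` hunk of sunrpc/clnt_unix.c, the added `assert(xdr_results != NULL);` does not remove the failure the subject line describes. A NULL `xdr_results` now aborts the process at this point, and in a build with NDEBUG defined the assert compiles to nothing, so the pointer is used unchecked exactly as before. If NULL is a value a caller can actually pass, handle it as an error instead, the way the following lines do for a failed AUTH_VALIDATE by setting `ct->ct_error.re_status`, and place the check earlier in the function rather than after a successful reply has already been processed by `_seterr_reply`. If NULL cannot occur, the commit message should say why, since "seems that we can't be sure" does not establish either case. Two smaller points: the diffstat shows a single insertion, so please confirm that <assert.h> is already included in this file, and the surrounding lines put a space before the opening parenthesis (`_seterr_reply (`, `AUTH_VALIDATE (`), so the new line should read `assert (xdr_results != NULL);`.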