From patchwork Thu Mar 31 13:32:53 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Chestnyh <d.chestnyh@omp.ru>
X-Patchwork-Id: 52527
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 749AE3898C67
	for <patchwork@sourceware.org>; Thu, 31 Mar 2022 13:33:10 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mxout02.lancloud.ru (mxout02.lancloud.ru [45.84.86.82])
 by sourceware.org (Postfix) with ESMTPS id 0A0B9385843E
 for <libc-alpha@sourceware.org>; Thu, 31 Mar 2022 13:32:57 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0A0B9385843E
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=omp.ru
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=omp.ru
Received: from LanCloud
DKIM-Filter: OpenDKIM Filter v2.11.0 mxout02.lancloud.ru 226FC22F1317
Received: from LanCloud
Received: from LanCloud
Received: from LanCloud
From: Dmitry Chestnyh <d.chestnyh@omp.ru>
To: <libc-alpha@sourceware.org>
Subject: [PATCH] [sunrpc] Fix possible null-pointer dereference.
Date: Thu, 31 Mar 2022 16:32:53 +0300
Message-ID: <20220331133253.351748-1-d.chestnyh@omp.ru>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-Originating-IP: [192.168.11.198]
X-ClientProxiedBy: LFEXT01.lancloud.ru (fd00:f066::141) To
 LFEX1912.lancloud.ru (fd00:f066::166)
X-Spam-Status: No, score=-13.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, T_SCC_BODY_TEXT_LINE,
 UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Cc: Dmitry Chestnyh <d.chestnyh@omp.ru>
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org
Sender: "Libc-alpha"
 <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>

This issue was found by SVACE static analyzer.
In clntunix_call function there are no
obvious checks of xdr_results ptr value.
And seems that we can't be sure that this pointer
isn't NULL.
---
 sunrpc/clnt_unix.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sunrpc/clnt_unix.c b/sunrpc/clnt_unix.c
index 33a02cc8af..8c303d3ef6 100644
--- a/sunrpc/clnt_unix.c
+++ b/sunrpc/clnt_unix.c
@@ -278,6 +278,7 @@ call_again:
   _seterr_reply (&reply_msg, &(ct->ct_error));
   if (ct->ct_error.re_status == RPC_SUCCESS)
     {
+      assert(xdr_results != NULL);
       if (!AUTH_VALIDATE (h->cl_auth, &reply_msg.acpted_rply.ar_verf))
 	{
 	  ct->ct_error.re_status = RPC_AUTHERROR;