From: Boaz Harrosh Date: Sun, 8 Feb 2009 16:02:22 +0000 (+0200) Subject: [SCSI] libosd: Fix NULL dereference BUG when target is not OSD conformant X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=97218a1499391b174ea95e05b7a40fbb73e79813;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [SCSI] libosd: Fix NULL dereference BUG when target is not OSD conformant Very old OSC's Target had a BUG in the Get/Set attributes where it was looking in the wrong places for attribute lists length. If used with the open-osd initiator, the initiator would dereference a NULL pointer when retrieving system_information attributes. Checks are added that retrieval of each attribute is successful before accessing its value. Signed-off-by: Boaz Harrosh Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/osd/osd_initiator.c b/drivers/scsi/osd/osd_initiator.c index 0bbbf271fbb0..552f58b655d1 100644 --- a/drivers/scsi/osd/osd_initiator.c +++ b/drivers/scsi/osd/osd_initiator.c @@ -131,7 +131,7 @@ static int _osd_print_system_info(struct osd_dev *od, void *caps) pFirst = get_attrs[a++].val_ptr; OSD_INFO("OSD_ATTR_RI_PRODUCT_REVISION_LEVEL [%u]\n", - get_unaligned_be32(pFirst)); + pFirst ? get_unaligned_be32(pFirst) : ~0U); pFirst = get_attrs[a++].val_ptr; OSD_INFO("OSD_ATTR_RI_PRODUCT_SERIAL_NUMBER [%s]\n", 
@@ -143,15 +143,18 @@ static int _osd_print_system_info(struct osd_dev *od, void *caps) pFirst = get_attrs[a++].val_ptr; OSD_INFO("OSD_ATTR_RI_TOTAL_CAPACITY [0x%llx]\n", - _LLU(get_unaligned_be64(pFirst))); + pFirst ? _LLU(get_unaligned_be64(pFirst)) : ~0ULL); pFirst = get_attrs[a++].val_ptr; OSD_INFO("OSD_ATTR_RI_USED_CAPACITY [0x%llx]\n", - _LLU(get_unaligned_be64(pFirst))); + pFirst ? _LLU(get_unaligned_be64(pFirst)) : ~0ULL); pFirst = get_attrs[a++].val_ptr; OSD_INFO("OSD_ATTR_RI_NUMBER_OF_PARTITIONS [%llu]\n", - _LLU(get_unaligned_be64(pFirst))); + pFirst ? _LLU(get_unaligned_be64(pFirst)) : ~0ULL); + + if (a >= nelem) + goto out; /* FIXME: Where are the time utilities */ pFirst = get_attrs[a++].val_ptr;
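Review bot: In the first hunk (@@ -131,7), the fallback `~0U` for OSD_ATTR_RI_PRODUCT_REVISION_LEVEL goes through `%u`, so a missing attribute is logged as 4294967295 and reads like a real revision level; printing an explicit marker when `pFirst` is NULL would make a non-conformant target obvious in the log. The trailing context also reassigns `pFirst` for OSD_ATTR_RI_PRODUCT_SERIAL_NUMBER and prints it with `%s`, and the argument line falls outside the hunk, so it is worth confirming that the string path gets the same NULL guard. Only the pointer is tested here: nothing visible confirms that the returned attribute is at least 4 bytes long before `get_unaligned_be32()` reads it.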
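Review bot: In the second hunk (@@ -143,15), the new `if (a >= nelem) goto out;` runs only after `get_attrs[a++]` has already been indexed for every attribute above it, so it covers the time attributes that follow but none of the earlier accesses. If `nelem` can be smaller than the number of attributes printed in this function, the bound needs to be tested before the first index; either way, a short comment saying why the check sits at this point would help the next reader. The three identical `pFirst ? _LLU(get_unaligned_be64(pFirst)) : ~0ULL` expressions could be folded into one small helper, which would also give a single place to choose how a missing 64-bit attribute is reported instead of logging 0xffffffffffffffff as if it were a capacity.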