From 0dd08092c2ed1f949adc10638784c3212cdb59c3 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin Date: Sun, 27 Apr 2014 13:06:34 -0400 Subject: [PATCH] staging/lustre/gss: fix few issues found by Klocwork Insight tool Array 'message_buf' of size 500 may use index value(s) -1 Object 'enc_key.data' was freed at line 164 after being freed by calling 'free' at line 150. Also there are 3 similar errors on line(s) 164. Suspicious dereference of pointer 'vmsg' before NULL check at line 187. Also there are 2 similar errors on line(s) 196, 205. Suspicious dereference of pointer 'rmsg' before NULL check at line 191. Also there are 2 similar errors on line(s) 200, 209. Signed-off-by: Dmitry Eremin Reviewed-on: http://review.whamcloud.com/9274 Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-4629 Reviewed-by: John L. Hammond Reviewed-by: James Simmons Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman --- drivers/staging/lustre/lustre/ptlrpc/gss/gss_bulk.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/staging/lustre/lustre/ptlrpc/gss/gss_bulk.c b/drivers/staging/lustre/lustre/ptlrpc/gss/gss_bulk.c index 7852bf30a3a0..93794bd928cb 100644 --- a/drivers/staging/lustre/lustre/ptlrpc/gss/gss_bulk.c +++ b/drivers/staging/lustre/lustre/ptlrpc/gss/gss_bulk.c @@ -176,31 +176,31 @@ int gss_cli_ctx_unwrap_bulk(struct ptlrpc_cli_ctx *ctx, switch (SPTLRPC_FLVR_SVC(req->rq_flvr.sf_rpc)) { case SPTLRPC_SVC_NULL: vmsg = req->rq_repdata; + LASSERT(vmsg != NULL && vmsg->lm_bufcount >= 3); voff = vmsg->lm_bufcount - 1; - LASSERT(vmsg && vmsg->lm_bufcount >= 3); rmsg = req->rq_reqbuf; + LASSERT(rmsg != NULL && rmsg->lm_bufcount >= 3); roff = rmsg->lm_bufcount - 1; /* last segment */ - LASSERT(rmsg && rmsg->lm_bufcount >= 3); break; case SPTLRPC_SVC_AUTH: case SPTLRPC_SVC_INTG: vmsg = req->rq_repdata; + LASSERT(vmsg != NULL && vmsg->lm_bufcount >= 4); voff = vmsg->lm_bufcount - 2; - LASSERT(vmsg && vmsg->lm_bufcount >= 4); rmsg = req->rq_reqbuf; + LASSERT(rmsg != NULL && rmsg->lm_bufcount >= 4); roff = rmsg->lm_bufcount - 2; /* second last segment */ - LASSERT(rmsg && rmsg->lm_bufcount >= 4); break; case SPTLRPC_SVC_PRIV: vmsg = req->rq_repdata; + LASSERT(vmsg != NULL && vmsg->lm_bufcount >= 2); voff = vmsg->lm_bufcount - 1; - LASSERT(vmsg && vmsg->lm_bufcount >= 2); rmsg = req->rq_clrbuf; + LASSERT(rmsg != NULL && rmsg->lm_bufcount >= 2); roff = rmsg->lm_bufcount - 1; /* last segment */ - LASSERT(rmsg && rmsg->lm_bufcount >= 2); break; default: LBUG(); -- 2.20.1