[PATCH] net: 9p: Fix possible null-pointer dereference in p9_cm_event_handler()

From: Tuo Li
Date: Tue Aug 10 2021 - 09:21:20 EST


The variable rdma is checked when event->event is equal to
RDMA_CM_EVENT_DISCONNECTED:
	if (rdma)

This indicates that it can be NULL. If so, a null-pointer dereference will
occur when calling complete():
	complete(&rdma->cm_done);

To fix this possible null-pointer dereference, call complete() only
when rdma is not NULL.

Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>
Signed-off-by: Tuo Li <islituo@xxxxxxxxx>
---
net/9p/trans_rdma.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c
index af0a8a6cd3fd..fb3435dfd071 100644
--- a/net/9p/trans_rdma.c
+++ b/net/9p/trans_rdma.c
@@ -285,7 +285,8 @@ p9_cm_event_handler(struct rdma_cm_id *id, struct rdma_cm_event *event)
default:
BUG();
}
- complete(&rdma->cm_done);
+ if (rdma)
+ complete(&rdma->cm_done);
return 0;
}
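
Review bot: The new "if (rdma)" guard before complete(&rdma->cm_done) at the end of p9_cm_event_handler() rests only on the inference that the existing check in the RDMA_CM_EVENT_DISCONNECTED case means rdma can be NULL; the commit message names no path on which that actually happens. Please state which event can reach this handler with rdma unset, or, if none can, consider dropping the older check rather than adding a second one. If NULL is reachable, the remaining switch cases (not visible in this hunk) should also be audited for unguarded uses of rdma, since guarding only the final complete() would leave those dereferences in place.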

--
2.25.1