fabrics: fix invalid memory access in discover_from_conf_file()

argconfig_parse() assigns pointers in cfg to point to memory allocated
in all_args. If this memory is freed, these pointers become dangling.
This is particularly dangerous if discovery.conf contains empty lines,
comment lines, or invalid lines.

Fix it by setting all transport parameter to NULL after processing each
line, and not proceeding if the basic parameters aren't set.

diff --git a/fabrics.c b/fabrics.c
index f9e5dc6b30ecf70b2519125e96da0095c8314978..c9324bbf3b65c135ce05017655eec4712401f1f7 100644 (file)
--- a/fabrics.c
+++ b/fabrics.c
@@ -1506,6 +1506,9 @@ static int discover_from_conf_file(const char *desc, char *argstr,
                if (err)
                        goto free_and_continue;
 
+               if (!cfg.transport || !cfg.traddr)
+                       goto free_and_continue;
+
                err = flags = validate_output_format(cfg.output_format);
                if (err < 0)
                        goto free_and_continue;
@@ -1533,6 +1536,8 @@ static int discover_from_conf_file(const char *desc, char *argstr,
 free_and_continue:
                free(all_args);
                free(argv);
+               cfg.transport = cfg.traddr = cfg.trsvcid =
+                       cfg.host_traddr = NULL;
        }
 
 out: