From: Martin Wilck
Date: Fri, 5 Mar 2021 22:51:31 +0000 (+0100)
Subject: fabrics: fix invalid memory access in discover_from_conf_file()
X-Git-Tag: v1.14~26^2~1
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=415b1e1d5a9ec5600909b2e3fabfdcc1c8eb0077;p=users%2Fsagi%2Fnvme-cli.git

fabrics: fix invalid memory access in discover_from_conf_file()

argconfig_parse() assigns pointers in cfg to point to memory allocated in all_args. If this memory is freed, these pointers become dangling. This is particularly dangerous if discovery.conf contains empty lines, comment lines, or invalid lines. Fix it by setting all transport parameter to NULL after processing each line, and not proceeding if the basic parameters aren't set.
---
diff --git a/fabrics.c b/fabrics.c
index f9e5dc6b..c9324bbf 100644
--- a/fabrics.c
+++ b/fabrics.c
@@ -1506,6 +1506,9 @@ static int discover_from_conf_file(const char *desc, char *argstr,
 if (err)
 goto free_and_continue;

+ if (!cfg.transport || !cfg.traddr)
+ goto free_and_continue;
+
 err = flags = validate_output_format(cfg.output_format);
 if (err < 0)
 goto free_and_continue;
@@ -1533,6 +1536,8 @@ static int discover_from_conf_file(const char *desc, char *argstr,
 free_and_continue:
 free(all_args);
 free(argv);
+ cfg.transport = cfg.traddr = cfg.trsvcid =
+ cfg.host_traddr = NULL;
 }

 out:
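Review bot: The new guard in the first hunk, `if (!cfg.transport || !cfg.traddr)`, skips a conf line silently, so an incomplete or mistyped line is handled exactly like a blank or comment line and the user gets no hint that an entry in discovery.conf was ignored. The guard is also only sound if both pointers are NULL when a line starts. For later lines that depends on the reset added in the second hunk, and for the first line on how cfg is initialised, which is not visible here. I would record that above the check, e.g. `/* transport/traddr are reset to NULL after every line; unset here means an empty, comment or incomplete line */`. The function body starts and ends outside the hunk.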
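Review bot: The reset in the second hunk clears only four members, yet the first hunk still reads `cfg.output_format` on every line. Any other string member that argconfig_parse() can point into all_args would stay dangling after `free(all_args)`. The option table is outside the hunk, so whether such members exist cannot be told from here; if they do, they need the same reset, or all_args has to outlive their use. A comment on the reset such as `/* these pointed into all_args, freed above; extend when adding string options */` would keep the list from going stale. The loop and the function continue outside the hunk.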