From patchwork Tue Sep 27 04:38:48 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Li Qiang <liq3ea@gmail.com>
X-Patchwork-Id: 675390
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3sjp604pMpz9sdg
	for <incoming@patchwork.ozlabs.org>;
	Tue, 27 Sep 2016 14:39:52 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=nxve4zeN;
	dkim-atps=neutral
Received: from localhost ([::1]:47970 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1bokBG-00012a-FI
	for incoming@patchwork.ozlabs.org; Tue, 27 Sep 2016 00:39:46 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39487)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <liq3ea@gmail.com>) id 1bokAc-0000es-Gz
	for qemu-devel@nongnu.org; Tue, 27 Sep 2016 00:39:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <liq3ea@gmail.com>) id 1bokAW-0005Au-Hd
	for qemu-devel@nongnu.org; Tue, 27 Sep 2016 00:39:05 -0400
Received: from mail-oi0-x243.google.com ([2607:f8b0:4003:c06::243]:34134)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <liq3ea@gmail.com>) id 1bokAW-0005Ag-9t
	for qemu-devel@nongnu.org; Tue, 27 Sep 2016 00:39:00 -0400
Received: by mail-oi0-x243.google.com with SMTP id a62so165004oib.1
	for <qemu-devel@nongnu.org>; Mon, 26 Sep 2016 21:39:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=message-id:from:to:cc:subject:date;
	bh=6qQ/nx+50XanqL6aQRI00F6nikdgChi3ggdCthe+eIE=;
	b=nxve4zeNyxENnJZ2Ky3RMQif9qR4hdl+i2nbuy/9iKKLf9mDnczMsw3PYNrQXAJo08
	oJci5DuhceH8Ew76rYXSdicv+l/V4RQmdzs7ql4oojumrb2LbjCIqokS427zH4s04WU/
	fpLqMn9tWozXdJBu1Cx53Qp8grsy+IWiufJMPH/nOS1muGcSof79ePzYwSAyT2uX1ana
	JD3Oj9A4rR7Xdw3ycah+6n8Bnq5qGwLSUE9BeuZWY06LxC6hPWaBx98+RMg+fuKl4w8c
	H1mU6Wc1vJpfdeA4t06Zw4JWXLWC032qW4vF9gHhXd8aEnEDzOusoWPwwheKAIIWIAS4
	YrHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:message-id:from:to:cc:subject:date;
	bh=6qQ/nx+50XanqL6aQRI00F6nikdgChi3ggdCthe+eIE=;
	b=Yl0FBX/+HzkFIU/AYHM+2rwgO44qB0tivNXAXGbwlsCIudLCE+SEOjYkaMZ0K+oB7d
	wvlbbrPqqf+COKK3OWV207Ys37/4QpFZZtTUUUDEEItCrBMcl+Gf2gHFdnt3ZIB9jI5X
	lhIbybm4YqwdHaAJAvRIP7r0w2UAxTfZ7EbyTsJzrlVsA+joNNHqTIEorqU6TSWF/wFW
	8I/zjUtLXx3JKaQhaPwiDEFyAV98PVHIUsmfHLB62a6wi1wZyUodibkx1FTsVTQJCgT/
	6iNXSsOrqzGGRvfbTX03Qu0FqoK9xuvrEOaJSdLdYgjR5ndCl+8sSeoXgJc3QfFt/dNJ
	tB0g==
X-Gm-Message-State: 
 AE9vXwPE6+elfJnYrNJ0YwBySQ1v7gMWQNeoOJdFct8ZFjE7guoE+Iajxc9slbQmZIB3xw==
X-Received: by 10.202.197.148 with SMTP id
	v142mr32384114oif.110.1474951139424;
	Mon, 26 Sep 2016 21:38:59 -0700 (PDT)
Received: from localhost.localdomain.localdomain ([104.192.110.250])
	by smtp.gmail.com with ESMTPSA id
	m66sm155047oia.25.2016.09.26.21.38.57
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 26 Sep 2016 21:38:58 -0700 (PDT)
Message-ID: <57e9f7e2.453fca0a.ec394.0b36@mx.google.com>
X-Google-Original-Message-ID: 
 <1474951128-15879-1-git-send-email-Qiang(liqiang6-s@360.cn)>
From: Li Qiang <liq3ea@gmail.com>
X-Google-Original-From: Li Qiang(liqiang6-s@360.cn)
To: aneesh.kumar@linux.vnet.ibm.com, groug@kaod.org, qemu-devel@nongnu.org
Date: Mon, 26 Sep 2016 21:38:48 -0700
X-Mailer: git-send-email 1.8.3.1
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2607:f8b0:4003:c06::243
Subject: [Qemu-devel] [PATCH] 9pfs: fix NULL pointer dereference in
	v9fs_version
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Li Qiang <liqiang6-s@360.cn>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

From: Li Qiang <liqiang6-s@360.cn>

In 9pfs get version dispatch function, a guest can provide a NULL
version string thus causing an NULL pointer dereference issue.
This patch fix this issue.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---
 hw/9pfs/9p.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 119ee58..dd3145c 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -955,6 +955,11 @@ static void v9fs_version(void *opaque)
         offset = err;
         goto out;
     }
+
+    if (!version.data) {
+        offset = -EINVAL;
+        goto out;
+    }
     trace_v9fs_version(pdu->tag, pdu->id, s->msize, version.data);
 
     virtfs_reset(pdu);