[PATCH v2 1/3] dm: fix NULL pointer dereference risk in vhost vsock


Yonghua Huang
 

From: Yonghua Huang <yonghua.huang@...>

Pointer 'vsock->vhost_vsock' returned from call to function
'vhost_vsock_init' may be NULL and will be dereferenced when
calling 'vhost_vsock_set_guest_cid()'.

Signed-off-by: Yonghua Huang <yonghua.huang@...>
---
devicemodel/hw/pci/virtio/vhost_vsock.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/devicemodel/hw/pci/virtio/vhost_vsock.c b/devicemodel/hw/pci/virtio/vhost_vsock.c
index 563505c25..4892ab3d8 100644
--- a/devicemodel/hw/pci/virtio/vhost_vsock.c
+++ b/devicemodel/hw/pci/virtio/vhost_vsock.c
@@ -239,6 +239,7 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
pthread_mutexattr_t attr;
char *devopts = NULL;
char *tmp = NULL;
+ struct vhost_vsock *vhost_vsock;

if (opts == NULL) {
pr_err(("vsock: must have a valid guest_cid.\n"));
@@ -296,16 +297,18 @@ virtio_vhost_vsock_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
pci_set_cfgdata16(dev, PCIR_REVID, 1);

virtio_set_modern_bar(&vsock->base, false);
-
- vsock->vhost_vsock = vhost_vsock_init(&vsock->base, 0);
+ vhost_vsock = vhost_vsock_init(&vsock->base, 0);
+ if (!vhost_vsock) {
+ pr_err("vhost vosck init failed.");
+ free(vsock);
+ return -1;
+ }
+ vsock->vhost_vsock = vhost_vsock;
vhost_vsock_set_guest_cid(&vsock->vhost_vsock->vdev, vsock->config.guest_cid);

if (virtio_interrupt_init(&vsock->base, virtio_uses_msix())) {
- if (vsock) {
- if (vsock->vhost_vsock)
- vhost_vsock_deinit(vsock->vhost_vsock);
- free(vsock);
- }
+ vhost_vsock_deinit(vsock->vhost_vsock);
+ free(vsock);
return -1;
}
return 0;
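Review bot: The error message in the new failure branch, `pr_err("vhost vosck init failed.");`, misspells "vsock" and, unlike the pr_err at the top of this function (`"vsock: must have a valid guest_cid.\n"`), has no "vsock:" prefix and no trailing newline, so it will run into the next log line; suggest `pr_err("vsock: vhost vsock init failed.\n");`. The new early return releases only `vsock`, yet the function declares a `pthread_mutexattr_t attr`, which suggests a mutex inside `vsock` may already have been initialized before this point (not visible in the hunk) — if so, the existing virtio_interrupt_init failure path has the same gap and both should destroy it before `free(vsock)`, or the function should switch to a single goto-based cleanup so every later failure shares one teardown. The `vhost_vsock` temporary is also not needed: `vsock->vhost_vsock = vhost_vsock_init(&vsock->base, 0); if (!vsock->vhost_vsock) { ... }` is equivalent and avoids a second copy of the pointer. The function body begins and ends outside this hunk.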
--
2.25.1