check for a target being there before processing TargetAddress

Message-id: <1383729402-27559-12-git-send-email-pbonzini@redhat.com>

Patchwork-id: 55506

O-Subject: [PATCH 11/11] check for a target being there before processing TargetAddress

Bugzilla: 1026820

RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>

RH-Acked-by: Orit Wasserman <owasserm@redhat.com>

RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

Otherwise we access a NULL pointer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

(cherry picked from commit 87ee6456217debfbb9a0180933ed84281e45a705)

---

 lib/discovery.c | 8 ++++++++

 1 file changed, 8 insertions(+)

diff --git a/lib/discovery.c b/lib/discovery.c

index 7396e71..178faef 100644

--- a/lib/discovery.c

+++ b/lib/discovery.c

@@ -169,6 +169,14 @@ iscsi_process_text_reply(struct iscsi_context *iscsi, struct iscsi_pdu *pdu,

 			target->next = targets;

 			targets = target;

 		} else if (!strncmp((char *)ptr, "TargetAddress=", 14)) {

+			if (targets == NULL || targets->target_address != NULL) {

+				iscsi_set_error(iscsi, "Invalid discovery "

+						"reply");

+				pdu->callback(iscsi, SCSI_STATUS_ERROR, NULL,

+					      pdu->private_data);

+				iscsi_free_discovery_addresses(iscsi, targets);

+				return -1;

+			}

 			targets->target_address = iscsi_strdup(iscsi, (char *)ptr+14);

 			if (targets->target_address == NULL) {

 				iscsi_set_error(iscsi, "Failed to allocate "