From 6c6daa468c9a1ad1ad4d5bf727008d029d009a50 Mon Sep 17 00:00:00 2001 From: Cathy Avery Date: Tue, 3 Dec 2019 14:30:48 +0100 Subject: [PATCH 2/4] Fix a potential NULL pointer dereference in the vmbackup plugin. RH-Author: Cathy Avery Message-id: <20191203143050.23065-3-cavery@redhat.com> Patchwork-id: 92836 O-Subject: [RHEL8.2 open-vm-tools PATCH 2/4] Fix a potential NULL pointer dereference in the vmbackup plugin. Bugzilla: 1769881 RH-Acked-by: Vitaly Kuznetsov RH-Acked-by: Miroslav Rezanina commit 0bb6cf83fb6b1f80c99beb11cd47e0db02e252ff Author: Oliver Kurth Date: Fri Nov 22 14:52:35 2019 -0800 Fix a potential NULL pointer dereference in the vmbackup plugin. In some circumstances, VmBackupAsyncCallback might dereference gBackupState after calling VmBackupDoAbort even though the latter function can potentially set gBackupState to NULL. Add a check to prevent the potential NULL pointer dereference. Signed-off-by: Cathy Avery Signed-off-by: Miroslav Rezanina --- open-vm-tools/services/plugins/vmbackup/stateMachine.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/open-vm-tools/services/plugins/vmbackup/stateMachine.c b/open-vm-tools/services/plugins/vmbackup/stateMachine.c index 6b42286..5c01a7b 100644 --- a/open-vm-tools/services/plugins/vmbackup/stateMachine.c +++ b/open-vm-tools/services/plugins/vmbackup/stateMachine.c @@ -675,6 +675,15 @@ VmBackupAsyncCallback(void *clientData) if (gBackupState->rpcState == VMBACKUP_RPC_STATE_ERROR) { g_warning("Aborting backup operation due to RPC errors."); VmBackupDoAbort(); + + /* + * Check gBackupState, since the abort could cause a transition to + * VMBACKUP_MSTATE_IDLE, in which case the VmBackupState structure + * would be freed and gBackupState would be NULL. + */ + if (gBackupState == NULL) { + return FALSE; + } goto exit; } } -- 1.8.3.1
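Review bot: The early `return FALSE;` added after `VmBackupDoAbort();` in VmBackupAsyncCallback leaves the function without passing through the `exit` label that the next line, `goto exit;`, still targets, and the new comment explains why gBackupState can be NULL but not why skipping that path is safe or why FALSE is the correct return value. Please extend the comment to state both, so a later change to the code under `exit` does not silently miss this branch. The guard also covers only this one call site (1 file changed, 9 insertions), while the hazard comes from VmBackupDoAbort itself being able to free the structure and set the global to NULL; it is worth checking every other caller that reads gBackupState after the abort returns, and documenting that side effect on VmBackupDoAbort so new callers do not reintroduce the dereference.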