[PATCH] sunrpc: fix a missing check of xdr_inline_decode
From: Kangjie Lu
Date: Tue Dec 25 2018 - 22:19:14 EST
xdr_inline_decode() could fail. When it fails, the return value is NULL
and should not be dereferenced.
The fix checks if xdr_inline_decode fails, and if so, returns.
Signed-off-by: Kangjie Lu <kjlu@xxxxxxx>
---
net/sunrpc/xprtrdma/backchannel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/sunrpc/xprtrdma/backchannel.c b/net/sunrpc/xprtrdma/backchannel.c
index e5b367a3e517..bd9be5272ef4 100644
--- a/net/sunrpc/xprtrdma/backchannel.c
+++ b/net/sunrpc/xprtrdma/backchannel.c
@@ -285,6 +285,8 @@ void rpcrdma_bc_receive_call(struct rpcrdma_xprt *r_xprt,
__be32 *p;
p = xdr_inline_decode(&rep->rr_stream, 0);
+ if (unlikely(!p))
+ goto out_overflow;
size = xdr_stream_remaining(&rep->rr_stream);
#ifdef RPCRDMA_BACKCHANNEL_DEBUG
--
2.17.2 (Apple Git-113)