Commit c2e288a6 authored Mar 28, 2023 by Shuhei Matsumoto Committed by Ben Walker Apr 06, 2023

iscsi: Return if conn->sock is NULL when updating connection params



iSCSI connection closes its socket when it is terminated. After the
socket is closed, the connection cannot access to it. However, the iSCSI
fuzz test terminated a connection while processing a text command. The
connection aborted the text command and the corresponding completion
callback accessed the closed socket. This unexpected access caused a
NULL pointer access.

Add a check if conn->sock is not NULL to iscsi_conn_params_update()
to avoid such NULL pointer access. The return type of the most iSCSI
library functions are void. Here, it is enough not to return 0. Hence,
use -ENXIO simply to indicate there is no available socket.

Fixes the issue #2958

Signed-off-by: Shuhei Matsumoto <smatsumoto@nvidia.com>
Change-Id: I2c1f58a63ee0a40561a17f81d4b4264061f411f6
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/17353


Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Michal Berger <michal.berger@intel.com>

parent 712ab983

lib/iscsi/iscsi.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -1077,6 +1077,11 @@ iscsi_conn_params_update(struct spdk_iscsi_conn *conn)
		}
		}

		if (conn->sock == NULL) {
		SPDK_INFOLOG(iscsi, "socket is already closed.\n");
		return -ENXIO;
		}

		/* The socket receive buffer may need to be adjusted based on the new parameters */

		/* Don't allow the recv buffer to be 0 or very large. */

Admin message