Dario Faggioli
c977c5d4a8
- Fix RiscV firmware (opensbi) cross-build * Patches added: Makefile-fix-build-with-binutils-2.38.patch - qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch OBS-URL: https://build.opensuse.org/request/show/960206 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=692
32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From: Mauro Matteo Cascella <mcascell@redhat.com>
|
|
Date: Mon, 7 Mar 2022 16:22:01 +0100
|
|
Subject: hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()
|
|
|
|
Git-commit: 00000000000000000000000000000000000000000000
|
|
References: bsc#1180432, CVE-2020-35503
|
|
|
|
Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
|
|
This check prevents a potential NULL pointer dereference issue.
|
|
|
|
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
|
|
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
|
|
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
|
|
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
|
|
---
|
|
hw/scsi/megasas.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
|
|
index 4ff51221d4cd0952d9394b8f66b1..07b2b08bf2866907acf0a2b4450c 100644
|
|
--- a/hw/scsi/megasas.c
|
|
+++ b/hw/scsi/megasas.c
|
|
@@ -1891,7 +1891,7 @@ static void megasas_command_cancelled(SCSIRequest *req)
|
|
{
|
|
MegasasCmd *cmd = req->hba_private;
|
|
|
|
- if (!cmd) {
|
|
+ if (!cmd || !cmd->frame) {
|
|
return;
|
|
}
|
|
cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
|