|
 |
d75d53 |
From 6c6daa468c9a1ad1ad4d5bf727008d029d009a50 Mon Sep 17 00:00:00 2001
|
|
|
d75d53 |
From: Cathy Avery <cavery@redhat.com>
|
|
|
d75d53 |
Date: Tue, 3 Dec 2019 14:30:48 +0100
|
|
|
d75d53 |
Subject: [PATCH 2/4] Fix a potential NULL pointer dereference in the vmbackup
|
|
|
d75d53 |
plugin.
|
|
|
d75d53 |
|
|
|
d75d53 |
RH-Author: Cathy Avery <cavery@redhat.com>
|
|
|
d75d53 |
Message-id: <20191203143050.23065-3-cavery@redhat.com>
|
|
|
d75d53 |
Patchwork-id: 92836
|
|
|
d75d53 |
O-Subject: [RHEL8.2 open-vm-tools PATCH 2/4] Fix a potential NULL pointer dereference in the vmbackup plugin.
|
|
|
d75d53 |
Bugzilla: 1769881
|
|
|
d75d53 |
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
d75d53 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
d75d53 |
|
|
|
d75d53 |
commit 0bb6cf83fb6b1f80c99beb11cd47e0db02e252ff
|
|
|
d75d53 |
Author: Oliver Kurth <okurth@vmware.com>
|
|
|
d75d53 |
Date: Fri Nov 22 14:52:35 2019 -0800
|
|
|
d75d53 |
|
|
|
d75d53 |
Fix a potential NULL pointer dereference in the vmbackup plugin.
|
|
|
d75d53 |
|
|
|
d75d53 |
In some circumtances, VmBackupAsyncCallback might dereference
|
|
|
d75d53 |
gBackupState after calling VmBackupDoAbort even though the
|
|
|
d75d53 |
latter function can potentially set gBackupState to NULL. Add
|
|
|
d75d53 |
a check to prevent the potential NULL pointer dereference.
|
|
|
d75d53 |
|
|
|
d75d53 |
Signed-off-by: Cathy Avery <cavery@redhat.com>
|
|
|
d75d53 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
d75d53 |
---
|
|
|
d75d53 |
open-vm-tools/services/plugins/vmbackup/stateMachine.c | 9 +++++++++
|
|
|
d75d53 |
1 file changed, 9 insertions(+)
|
|
|
d75d53 |
|
|
|
d75d53 |
diff --git a/open-vm-tools/services/plugins/vmbackup/stateMachine.c b/open-vm-tools/services/plugins/vmbackup/stateMachine.c
|
|
|
d75d53 |
index 6b42286..5c01a7b 100644
|
|
|
d75d53 |
--- a/open-vm-tools/services/plugins/vmbackup/stateMachine.c
|
|
|
d75d53 |
+++ b/open-vm-tools/services/plugins/vmbackup/stateMachine.c
|
|
|
d75d53 |
@@ -675,6 +675,15 @@ VmBackupAsyncCallback(void *clientData)
|
|
|
d75d53 |
if (gBackupState->rpcState == VMBACKUP_RPC_STATE_ERROR) {
|
|
|
d75d53 |
g_warning("Aborting backup operation due to RPC errors.");
|
|
|
d75d53 |
VmBackupDoAbort();
|
|
|
d75d53 |
+
|
|
|
d75d53 |
+ /*
|
|
|
d75d53 |
+ * Check gBackupState, since the abort could cause a transition to
|
|
|
d75d53 |
+ * VMBACKUP_MSTATE_IDLE, in which case the VmBackupState structure
|
|
|
d75d53 |
+ * would be freed and gBackupState would be NULL.
|
|
|
d75d53 |
+ */
|
|
|
d75d53 |
+ if (gBackupState == NULL) {
|
|
|
d75d53 |
+ return FALSE;
|
|
|
d75d53 |
+ }
|
|
|
d75d53 |
goto exit;
|
|
|
d75d53 |
}
|
|
|
d75d53 |
}
|
|
|
d75d53 |
--
|
|
|
d75d53 |
1.8.3.1
|
|
|
d75d53 |
|