esx_stream: Fix NULL dereferences

A wrong reordering caused "priv" to be dereferenced before the NULL-check
in esxStreamSend and esxStreamRecvFlags.

Fixes: 12e19f172d
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Wiederhake 2022-03-17 11:30:16 +01:00
parent 1dfd308843
commit 5e1da78967


@ -198,8 +198,8 @@ esxStreamTransfer(esxStreamPrivate *priv, bool blocking)
static int static int
esxStreamSend(virStreamPtr stream, const char *data, size_t nbytes) esxStreamSend(virStreamPtr stream, const char *data, size_t nbytes)
{ {
int result = -1;
esxStreamPrivate *priv = stream->privateData; esxStreamPrivate *priv = stream->privateData;
VIR_LOCK_GUARD lock = virLockGuardLock(&priv->curl->lock);
if (nbytes == 0) if (nbytes == 0)
return 0; return 0;
@ -214,29 +214,33 @@ esxStreamSend(virStreamPtr stream, const char *data, size_t nbytes)
return -1; return -1;
} }
priv->buffer = (char *)data; VIR_WITH_MUTEX_LOCK_GUARD(&priv->curl->lock) {
priv->buffer_size = nbytes; priv->buffer = (char *)data;
priv->buffer_used = nbytes; priv->buffer_size = nbytes;
priv->buffer_used = nbytes;
if (stream->flags & VIR_STREAM_NONBLOCK) { if (stream->flags & VIR_STREAM_NONBLOCK) {
if (esxStreamTransfer(priv, false) < 0) if (esxStreamTransfer(priv, false) < 0)
return -1;
if (priv->buffer_used >= priv->buffer_size)
return -2;
} else /* blocking */ {
do {
int status = esxStreamTransfer(priv, true);
if (status < 0)
return -1; return -1;
if (status > 0) if (priv->buffer_used >= priv->buffer_size)
break; return -2;
} while (priv->buffer_used > 0); } else /* blocking */ {
do {
int status = esxStreamTransfer(priv, true);
if (status < 0)
return -1;
if (status > 0)
break;
} while (priv->buffer_used > 0);
}
result = priv->buffer_size - priv->buffer_used;
} }
return priv->buffer_size - priv->buffer_used; return result;
} }
static int static int
@ -245,8 +249,8 @@ esxStreamRecvFlags(virStreamPtr stream,
size_t nbytes, size_t nbytes,
unsigned int flags) unsigned int flags)
{ {
int result = -1;
esxStreamPrivate *priv = stream->privateData; esxStreamPrivate *priv = stream->privateData;
VIR_LOCK_GUARD lock = virLockGuardLock(&priv->curl->lock);
virCheckFlags(0, -1); virCheckFlags(0, -1);
@ -263,40 +267,44 @@ esxStreamRecvFlags(virStreamPtr stream,
return -1; return -1;
} }
priv->buffer = data; VIR_WITH_MUTEX_LOCK_GUARD(&priv->curl->lock) {
priv->buffer_size = nbytes; priv->buffer = data;
priv->buffer_used = 0; priv->buffer_size = nbytes;
priv->buffer_used = 0;
if (priv->backlog_used > 0) { if (priv->backlog_used > 0) {
if (priv->buffer_size > priv->backlog_used) if (priv->buffer_size > priv->backlog_used)
priv->buffer_used = priv->backlog_used; priv->buffer_used = priv->backlog_used;
else else
priv->buffer_used = priv->buffer_size; priv->buffer_used = priv->buffer_size;
memcpy(priv->buffer, priv->backlog, priv->buffer_used); memcpy(priv->buffer, priv->backlog, priv->buffer_used);
memmove(priv->backlog, priv->backlog + priv->buffer_used, memmove(priv->backlog, priv->backlog + priv->buffer_used,
priv->backlog_used - priv->buffer_used); priv->backlog_used - priv->buffer_used);
priv->backlog_used -= priv->buffer_used; priv->backlog_used -= priv->buffer_used;
} else if (stream->flags & VIR_STREAM_NONBLOCK) { } else if (stream->flags & VIR_STREAM_NONBLOCK) {
if (esxStreamTransfer(priv, false) < 0) if (esxStreamTransfer(priv, false) < 0)
return -1;
if (priv->buffer_used <= 0)
return -2;
} else /* blocking */ {
do {
int status = esxStreamTransfer(priv, true);
if (status < 0)
return -1; return -1;
if (status > 0) if (priv->buffer_used <= 0)
break; return -2;
} while (priv->buffer_used < priv->buffer_size); } else /* blocking */ {
do {
int status = esxStreamTransfer(priv, true);
if (status < 0)
return -1;
if (status > 0)
break;
} while (priv->buffer_used < priv->buffer_size);
}
result = priv->buffer_used;
} }
return priv->buffer_used; return result;
} }
static int static int
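Review bot: The new `result = priv->buffer_size - priv->buffer_used;` in esxStreamSend, and likewise `result = priv->buffer_used;` in esxStreamRecvFlags, narrows a byte count derived from the `size_t nbytes` argument into `int result`. A request larger than INT_MAX could therefore come back truncated or negative and be confused with the -1 and -2 error returns. This assumes the `buffer_size` and `buffer_used` fields are `size_t` like `nbytes`, which the page does not show. A bound ahead of the locked block, such as `if (nbytes > INT_MAX) nbytes = INT_MAX;`, would keep the return value in range. Both function bodies are only partly visible between the hunks, so confirm that the elided lines do not already contain such a clamp.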