mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 18:03:32 +00:00
esx_stream: Fix NULL dereferences
A wrong reordering caused "priv" to be derefenced before the NULL-check
in esxStreamSend and esxStreamRecvFlags.
Fixes: 12e19f172d
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
parent
1dfd308843
commit
5e1da78967
@ -198,8 +198,8 @@ esxStreamTransfer(esxStreamPrivate *priv, bool blocking)
|
|||||||
static int
|
static int
|
||||||
esxStreamSend(virStreamPtr stream, const char *data, size_t nbytes)
|
esxStreamSend(virStreamPtr stream, const char *data, size_t nbytes)
|
||||||
{
|
{
|
||||||
|
int result = -1;
|
||||||
esxStreamPrivate *priv = stream->privateData;
|
esxStreamPrivate *priv = stream->privateData;
|
||||||
VIR_LOCK_GUARD lock = virLockGuardLock(&priv->curl->lock);
|
|
||||||
|
|
||||||
if (nbytes == 0)
|
if (nbytes == 0)
|
||||||
return 0;
|
return 0;
|
||||||
@ -214,29 +214,33 @@ esxStreamSend(virStreamPtr stream, const char *data, size_t nbytes)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
priv->buffer = (char *)data;
|
VIR_WITH_MUTEX_LOCK_GUARD(&priv->curl->lock) {
|
||||||
priv->buffer_size = nbytes;
|
priv->buffer = (char *)data;
|
||||||
priv->buffer_used = nbytes;
|
priv->buffer_size = nbytes;
|
||||||
|
priv->buffer_used = nbytes;
|
||||||
|
|
||||||
if (stream->flags & VIR_STREAM_NONBLOCK) {
|
if (stream->flags & VIR_STREAM_NONBLOCK) {
|
||||||
if (esxStreamTransfer(priv, false) < 0)
|
if (esxStreamTransfer(priv, false) < 0)
|
||||||
return -1;
|
|
||||||
|
|
||||||
if (priv->buffer_used >= priv->buffer_size)
|
|
||||||
return -2;
|
|
||||||
} else /* blocking */ {
|
|
||||||
do {
|
|
||||||
int status = esxStreamTransfer(priv, true);
|
|
||||||
|
|
||||||
if (status < 0)
|
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (status > 0)
|
if (priv->buffer_used >= priv->buffer_size)
|
||||||
break;
|
return -2;
|
||||||
} while (priv->buffer_used > 0);
|
} else /* blocking */ {
|
||||||
|
do {
|
||||||
|
int status = esxStreamTransfer(priv, true);
|
||||||
|
|
||||||
|
if (status < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (status > 0)
|
||||||
|
break;
|
||||||
|
} while (priv->buffer_used > 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
result = priv->buffer_size - priv->buffer_used;
|
||||||
}
|
}
|
||||||
|
|
||||||
return priv->buffer_size - priv->buffer_used;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -245,8 +249,8 @@ esxStreamRecvFlags(virStreamPtr stream,
|
|||||||
size_t nbytes,
|
size_t nbytes,
|
||||||
unsigned int flags)
|
unsigned int flags)
|
||||||
{
|
{
|
||||||
|
int result = -1;
|
||||||
esxStreamPrivate *priv = stream->privateData;
|
esxStreamPrivate *priv = stream->privateData;
|
||||||
VIR_LOCK_GUARD lock = virLockGuardLock(&priv->curl->lock);
|
|
||||||
|
|
||||||
virCheckFlags(0, -1);
|
virCheckFlags(0, -1);
|
||||||
|
|
||||||
@ -263,40 +267,44 @@ esxStreamRecvFlags(virStreamPtr stream,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
priv->buffer = data;
|
VIR_WITH_MUTEX_LOCK_GUARD(&priv->curl->lock) {
|
||||||
priv->buffer_size = nbytes;
|
priv->buffer = data;
|
||||||
priv->buffer_used = 0;
|
priv->buffer_size = nbytes;
|
||||||
|
priv->buffer_used = 0;
|
||||||
|
|
||||||
if (priv->backlog_used > 0) {
|
if (priv->backlog_used > 0) {
|
||||||
if (priv->buffer_size > priv->backlog_used)
|
if (priv->buffer_size > priv->backlog_used)
|
||||||
priv->buffer_used = priv->backlog_used;
|
priv->buffer_used = priv->backlog_used;
|
||||||
else
|
else
|
||||||
priv->buffer_used = priv->buffer_size;
|
priv->buffer_used = priv->buffer_size;
|
||||||
|
|
||||||
memcpy(priv->buffer, priv->backlog, priv->buffer_used);
|
memcpy(priv->buffer, priv->backlog, priv->buffer_used);
|
||||||
memmove(priv->backlog, priv->backlog + priv->buffer_used,
|
memmove(priv->backlog, priv->backlog + priv->buffer_used,
|
||||||
priv->backlog_used - priv->buffer_used);
|
priv->backlog_used - priv->buffer_used);
|
||||||
|
|
||||||
priv->backlog_used -= priv->buffer_used;
|
priv->backlog_used -= priv->buffer_used;
|
||||||
} else if (stream->flags & VIR_STREAM_NONBLOCK) {
|
} else if (stream->flags & VIR_STREAM_NONBLOCK) {
|
||||||
if (esxStreamTransfer(priv, false) < 0)
|
if (esxStreamTransfer(priv, false) < 0)
|
||||||
return -1;
|
|
||||||
|
|
||||||
if (priv->buffer_used <= 0)
|
|
||||||
return -2;
|
|
||||||
} else /* blocking */ {
|
|
||||||
do {
|
|
||||||
int status = esxStreamTransfer(priv, true);
|
|
||||||
|
|
||||||
if (status < 0)
|
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (status > 0)
|
if (priv->buffer_used <= 0)
|
||||||
break;
|
return -2;
|
||||||
} while (priv->buffer_used < priv->buffer_size);
|
} else /* blocking */ {
|
||||||
|
do {
|
||||||
|
int status = esxStreamTransfer(priv, true);
|
||||||
|
|
||||||
|
if (status < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (status > 0)
|
||||||
|
break;
|
||||||
|
} while (priv->buffer_used < priv->buffer_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
result = priv->buffer_used;
|
||||||
}
|
}
|
||||||
|
|
||||||
return priv->buffer_used;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
Loading…
Reference in New Issue
Block a user