
CA-84670: fix segfault because of uninitialized conn->info #17


@tmakatos

No description provided.

@andreil andreil merged commit 6590ae9 into xapi-project:master
Showing with 11 additions and 11 deletions.
  1. +11 −11 drivers/tapdisk-control.c
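--- a/drivers/tapdisk-control.c
+++ b/drivers/tapdisk-control.c
@@ -481,7 +481,7 @@ tapdisk_control_write_message(struct tapdisk_ctl_conn *conn,
 {
 size_t size = sizeof(*message), count;
- if (conn->info->flags & TAPDISK_MSG_VERBOSE)
+ if (conn->info && conn->info->flags & TAPDISK_MSG_VERBOSE)
 DBG("sending '%s' message (uuid = %u)\n",
 tapdisk_message_name(message->type), message->cookie);
@@ -1068,15 +1068,13 @@ tapdisk_control_handle_request(event_id_t id, char mode, void *private)
 int err, excl;
 tapdisk_message_t message, response;
 struct tapdisk_ctl_conn *conn = private;
- struct tapdisk_control_info *info;
+
+ conn->info = NULL;
 err = tapdisk_control_read_message(conn->fd, &message, 2);
 if (err)
 goto close;
- if (conn->in.busy)
- goto busy;
-
 err = tapdisk_control_validate_request(&message);
 if (err)
 goto invalid;
@@ -1084,16 +1082,19 @@ tapdisk_control_handle_request(event_id_t id, char mode, void *private)
 if (message.type > TAPDISK_MESSAGE_EXIT)
 goto invalid;
- info = &message_infos[message.type];
+ conn->info = &message_infos[message.type];
- if (!info->handler)
+ if (!conn->info->handler)
 goto invalid;
- if (info->flags & TAPDISK_MSG_VERBOSE)
+ if (conn->info->flags & TAPDISK_MSG_VERBOSE)
 DBG("received '%s' message (uuid = %u)\n",
 tapdisk_message_name(message.type), message.cookie);
- excl = !(info->flags & TAPDISK_MSG_REENTER);
+ if (conn->in.busy)
+ goto busy;
+
+ excl = !(conn->info->flags & TAPDISK_MSG_REENTER);
 if (excl) {
 if (td_control.busy)
 goto busy;
@@ -1101,9 +1102,8 @@ tapdisk_control_handle_request(event_id_t id, char mode, void *private)
 td_control.busy = 1;
 }
 conn->in.busy = 1;
- conn->info = info;
- info->handler(conn, &message);
+ conn->info->handler(conn, &message);
 conn->in.busy = 0;
 if (excl)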
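Review bot: In tapdisk_control_handle_request, `conn->info = NULL;` now runs on every entry and the `if (conn->in.busy) goto busy;` test sits below `conn->info = &message_infos[message.type];`, so if a second request can arrive on a connection whose handler is still in flight (the `conn->in.busy` check suggests it can), it clears or replaces the `conn->info` that the in-flight handler's response will consult. In the visible code this only changes which message's TAPDISK_MSG_VERBOSE flag gates the DBG line in tapdisk_control_write_message, and the new `conn->info &&` guard covers the NULL case there, but any other reader of `conn->info` outside these hunks would need the same guard. Consider keeping the local `info` for the table lookup and the handler/flags checks and assigning `conn->info = info;` only after both busy checks pass, with `conn->info` set to NULL once where the connection is allocated (that code is not shown here, so this part is inferred). Writing the guard as `conn->info && (conn->info->flags & TAPDISK_MSG_VERBOSE)` would also make the intended precedence explicit. Both functions continue outside the hunks shown.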