File 0413-hw-scsi-megasas-check-for-NULL-fram.patch of Package qemu.29142

From: Mauro Matteo Cascella <mcascell@redhat.com>
Date: Thu, 24 Dec 2020 18:54:41 +0100
Subject: hw/scsi/megasas: check for NULL frame in megasas_command_cancelled()

Git-commit: 00000000000000000000000000000000000000000000
References: bsc#1180432, CVE-2020-35503

Ensure that 'cmd->frame' is not NULL before accessing the 'header' field.
This check prevents a potential NULL pointer dereference issue.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Acked-By: Jose R Ziviani <jose.ziviani@suse.com>
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index ec588854258202bd27409ab9325f..67b764cc09abb425939f72982087 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -1899,7 +1899,7 @@ static void megasas_command_cancel(SCSIRequest *req)
 {
     MegasasCmd *cmd = req->hba_private;
 
-    if (cmd) {
+    if (cmd && cmd->frame) {
         megasas_abort_command(cmd);
     } else {
         scsi_req_unref(req);
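Review bot: In the else branch, a request whose cmd is non-NULL but whose cmd->frame is NULL now takes the scsi_req_unref(req) path that previously handled only requests with no cmd at all, and nothing in the visible lines resets or releases cmd in that case. Please confirm that dropping the request reference without touching cmd is the intended handling for this state. A one-line comment above `if (cmd && cmd->frame)` stating when frame can be NULL would keep the check from being read as redundant later. The commit message says the NULL access is to the 'header' field, which is not in this hunk; naming the function where that dereference happens would make the fix easier to audit.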