target: prevent NULL pointer dereference in target_report_luns

transport_kmap_data_sg can return NULL. I never saw this trigger, but returning -ENOMEM seems better than a crash. Also removes a pointless case while at it. Signed-off-by: Joern Engel <joern@logfs.org> Cc: stable@vger.kernel.org Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
author: Jörn Engel 2012-02-15 22:52:11 +0100
committer: Nicholas Bellinger 2012-02-25 23:37:50 +0100
commit: 47f1b8803e1e358ebbf4f82bfdb98971c912a2c3 (patch)
tree: c5d85478fb2c7245a819b707adc7fca2b926b4c3 /drivers/target
parent: target: fix use after free in target_report_luns (diff)
download: kernel-qcow2-linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.tar.gz
kernel-qcow2-linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.tar.xz
kernel-qcow2-linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index b0572f480c04..36fa75da085c 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -652,7 +652,9 @@ int target_report_luns(struct se_task *se_task)
 	unsigned char *buf;
 	u32 cdb_offset = 0, lun_count = 0, offset = 8, i;
 
-	buf = (unsigned char *) transport_kmap_data_sg(se_cmd);
+	buf = transport_kmap_data_sg(se_cmd);
+	if (!buf)
+		return -ENOMEM;
 
 	/*
 	 * If no struct se_session pointer is present, this struct se_cmd is
author	Jörn Engel	2012-02-15 22:52:11 +0100
committer	Nicholas Bellinger	2012-02-25 23:37:50 +0100
commit	47f1b8803e1e358ebbf4f82bfdb98971c912a2c3 (patch)
tree	c5d85478fb2c7245a819b707adc7fca2b926b4c3 /drivers/target
parent	target: fix use after free in target_report_luns (diff)
download	kernel-qcow2-linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.tar.gz kernel-qcow2-linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.tar.xz kernel-qcow2-linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.zip