diff options
author | Jörn Engel <joern@logfs.org> | 2012-02-15 22:52:11 +0100 |
---|---|---|
committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2012-02-25 23:37:50 +0100 |
commit | 47f1b8803e1e358ebbf4f82bfdb98971c912a2c3 (patch) | |
tree | c5d85478fb2c7245a819b707adc7fca2b926b4c3 /drivers/target | |
parent | target: fix use after free in target_report_luns (diff) | |
download | linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.tar.xz linux-47f1b8803e1e358ebbf4f82bfdb98971c912a2c3.zip |
target: prevent NULL pointer dereference in target_report_luns
transport_kmap_data_sg can return NULL. I never saw this trigger, but
returning -ENOMEM seems better than a crash. Also removes a pointless
case while at it.
Signed-off-by: Joern Engel <joern@logfs.org>
Cc: stable@vger.kernel.org
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Diffstat (limited to 'drivers/target')
-rw-r--r-- | drivers/target/target_core_device.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c index b0572f480c04..36fa75da085c 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c @@ -652,7 +652,9 @@ int target_report_luns(struct se_task *se_task) unsigned char *buf; u32 cdb_offset = 0, lun_count = 0, offset = 8, i; - buf = (unsigned char *) transport_kmap_data_sg(se_cmd); + buf = transport_kmap_data_sg(se_cmd); + if (!buf) + return -ENOMEM; /* * If no struct se_session pointer is present, this struct se_cmd is |