From c2e288a62534eb6f0def595f2745ca7e8d98555c Mon Sep 17 00:00:00 2001 From: Shuhei Matsumoto Date: Tue, 28 Mar 2023 10:09:25 +0900 Subject: [PATCH] iscsi: Return if conn->sock is NULL when updating connection params iSCSI connection closes its socket when it is terminated. After the socket is closed, the connection cannot access to it. However, the iSCSI fuzz test terminated a connection while processing a text command. The connection aborted the text command and the corresponding completion callback accessed the closed socket. This unexpected access caused a NULL pointer access. Add a check if conn->sock is not NULL to iscsi_conn_params_update() to avoid such NULL pointer access. The return type of the most iSCSI library functions are void. Here, it is enough not to return 0. Hence, use -ENXIO simply to indicate there is no available socket. Fixes the issue #2958 Signed-off-by: Shuhei Matsumoto Change-Id: I2c1f58a63ee0a40561a17f81d4b4264061f411f6 Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/17353 Tested-by: SPDK CI Jenkins Reviewed-by: Ben Walker Community-CI: Mellanox Build Bot Reviewed-by: Jim Harris Reviewed-by: Michal Berger --- lib/iscsi/iscsi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/iscsi/iscsi.c b/lib/iscsi/iscsi.c index c61f2b0c0..5eae3e148 100644 --- a/lib/iscsi/iscsi.c +++ b/lib/iscsi/iscsi.c @@ -1077,6 +1077,11 @@ iscsi_conn_params_update(struct spdk_iscsi_conn *conn) } } + if (conn->sock == NULL) { + SPDK_INFOLOG(iscsi, "socket is already closed.\n"); + return -ENXIO; + } + /* The socket receive buffer may need to be adjusted based on the new parameters */ /* Don't allow the recv buffer to be 0 or very large. */
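Review bot: The `conn->sock == NULL` check in iscsi_conn_params_update() is placed after the preceding block has closed (the two `}` context lines above it), so the function returns -ENXIO only after that earlier code has already run on a terminated connection. If nothing should be updated once the socket is closed, move the check to the top of the function. Otherwise add a comment saying that the earlier steps are intentionally still performed and that only the receive-buffer adjustment below is skipped. The commit message notes that most iSCSI library callers are void and will not act on the return value, so a comment next to `return -ENXIO;` stating that the value is informational would stop a later reader from assuming it is propagated. The underlying problem described in the message is a completion callback running after the socket was closed, and this check guards only this one function. It is worth confirming that no other path reachable from the aborted text command dereferences conn->sock, and adding a unit test that calls this function with conn->sock set to NULL, so the case is covered outside the fuzz test.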