iscsi: Return if conn->sock is NULL when updating connection params

An iSCSI connection closes its socket when it is terminated. After the
socket is closed, the connection cannot access it. However, the iSCSI
fuzz test terminated a connection while processing a text command. The
connection aborted the text command and the corresponding completion
callback accessed the closed socket. This unexpected access caused a
NULL pointer access.

Add a check if conn->sock is not NULL to iscsi_conn_params_update()
to avoid such NULL pointer access. The return type of most iSCSI
library functions is void. Here, it is enough not to return 0. Hence,
use -ENXIO simply to indicate there is no available socket.

Fixes the issue #2958

Signed-off-by: Shuhei Matsumoto <smatsumoto@nvidia.com>
Change-Id: I2c1f58a63ee0a40561a17f81d4b4264061f411f6
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/17353
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Michal Berger <michal.berger@intel.com>
This commit is contained in:
Shuhei Matsumoto 2023-03-28 10:09:25 +09:00 committed by David Ko
parent a6aa4df1ce
commit f918384212

@ -1077,6 +1077,11 @@ iscsi_conn_params_update(struct spdk_iscsi_conn *conn)
}
}
if (conn->sock == NULL) {
SPDK_INFOLOG(iscsi, "socket is already closed.\n");
return -ENXIO;
}
/* The socket receive buffer may need to be adjusted based on the new parameters */
/* Don't allow the recv buffer to be 0 or very large. */
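Review bot: the `conn->sock == NULL` check sits after the block closed by the two `}` context lines rather than at function entry, so whatever runs earlier in iscsi_conn_params_update() has already executed by the time -ENXIO is returned. If that earlier code changes connection state, callers get an error after a partial update; consider moving the check to the top of the function, or confirm that the earlier section is safe to run on a connection whose socket is already closed. The commit message notes that most iSCSI library functions return void, so it is also worth verifying that the completion callback which reaches this function for the aborted text command acts on the non-zero return instead of ignoring it. A one-line comment above the check explaining that the socket can already be closed when a connection is terminated mid-command would help future readers.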