From 7c479d61681d3ddb7fcc325752384eac89ae809d Mon Sep 17 00:00:00 2001
From: Amar Tumballi
Date: Thu, 21 Oct 2010 02:25:49 +0000
Subject: rpcsvc: handle NULL deref in case of program mismatch
Signed-off-by: Amar Tumballi
Signed-off-by: Anand V. Avati
BUG: 1982 (rpc: crash on progver mismatch)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1982
---
 rpc/rpc-lib/src/rpcsvc.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
(limited to 'rpc')
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index daf1298bb53..7db9ff48f8c 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -1378,27 +1378,31 @@ out:
 int
 rpcsvc_fill_reply (rpcsvc_request_t *req, struct rpc_msg *reply)
 {
+ int ret = -1;
 rpcsvc_program_t *prog = NULL;
 if ((!req) || (!reply))
- return -1;
-
- prog = rpcsvc_request_program (req);
- if (!prog)
- return -1;
+ goto out;
+ ret = 0;
 rpc_fill_empty_reply (reply, req->xid);
-
- if (req->rpc_status == MSG_DENIED)
+ if (req->rpc_status == MSG_DENIED) {
 rpc_fill_denied_reply (reply, req->rpc_err, req->auth_err);
- else if (req->rpc_status == MSG_ACCEPTED)
- rpc_fill_accepted_reply (reply, req->rpc_err, prog->proglowvers,
- prog->proghighvers, req->verf.flavour,
- req->verf.datalen,
+ goto out;
+ }
+
+ prog = rpcsvc_request_program (req);
+
+ if (req->rpc_status == MSG_ACCEPTED)
+ rpc_fill_accepted_reply (reply, req->rpc_err,
+ (prog) ? prog->proglowvers : 0,
+ (prog) ? prog->proghighvers: 0,
+ req->verf.flavour, req->verf.datalen,
 req->verf.authdata);
 else
 gf_log (GF_RPCSVC, GF_LOG_ERROR, "Invalid rpc_status value");
- return 0;
+out:
+ return ret;
 }
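Review bot: When `rpcsvc_request_program (req)` yields NULL, the accepted reply now carries a version range of 0..0 (`(prog) ? prog->proglowvers : 0` and the matching `proghighvers` line), and per the bug title this is the version-mismatch path, where a client would normally read the low/high fields to pick a supported version. If the registered range is known at this point it should be passed instead; otherwise a comment above the call such as `/* prog is NULL when no registered program/version matched the request; 0..0 is reported as the supported range */` would make the choice explicit. Separately, the final `else` still only logs "Invalid rpc_status value" and returns 0, because `ret = 0` is set before the status checks, so a caller cannot tell that only the empty reply was filled; setting `ret = -1;` in that branch would close this, assuming callers check the return value.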
@@ -1538,14 +1542,17 @@ rpcsvc_submit_generic (rpcsvc_request_t *req, struct iovec *proghdr,
 if (ret == -1) {
 gf_log (GF_RPCSVC, GF_LOG_ERROR, "failed to submit message "
 "(XID: 0x%lx, Program: %s, ProgVers: %d, Proc: %d) to "
- "rpc-transport (%s)", req->xid, req->prog->progname,
- req->prog->progver, req->procnum, trans->name);
+ "rpc-transport (%s)", req->xid,
+ req->prog ? req->prog->progname : "(not matched)",
+ req->prog ? req->prog->progver : 0,
+ req->procnum, trans->name);
 } else {
 gf_log (GF_RPCSVC, GF_LOG_TRACE,
 "submitted reply for rpc-message (XID: 0x%lx, "
 "Program: %s, ProgVers: %d, Proc: %d) to rpc-transport "
- "(%s)", req->xid, req->prog->progname,
- req->prog->progver, req->procnum, trans->name);
+ "(%s)", req->xid, req->prog ? req->prog->progname: "-",
+ req->prog ? req->prog->progver : 0,
+ req->procnum, trans->name);
 }
 disconnect_exit:
-- cgit
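Review bot: The two log calls use different placeholders for a missing program, `"(not matched)"` in the error branch and `"-"` in the trace branch, so anyone grepping logs or writing an alert for unmatched-program requests has to know both spellings; the trace line should use `req->prog ? req->prog->progname : "(not matched)",` as well. `ProgVers` is printed as 0 in the same case, which cannot be told apart from a real version 0 without the name placeholder, another reason to keep that string uniform. The `req->prog ? … : …` test is repeated four times; a local `progname`/`progver` pair computed once before the `if` would make both calls shorter. The body of rpcsvc_submit_generic starts and ends outside this hunk, so whether `req` and `trans` are checked earlier is not visible here.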