Date: Tue, 27 Sep 2016 09:40:18 +0200
From: Greg Kurz
Message-ID: <20160927094018.448164b0@bahia.lab.toulouse-stg.fr.ibm.com>
In-Reply-To: <57e9f83a.e80d9d0a.89644.0d9f@mx.google.com>
References: <57e9f83a.e80d9d0a.89644.0d9f@mx.google.com>
Subject: Re: [Qemu-devel] [PATCH] 9pfs: make illegal path name detection more robust
To: Li Qiang
Cc: aneesh.kumar@linux.vnet.ibm.com, qemu-devel@nongnu.org, Li Qiang

On Mon, 26 Sep 2016 21:40:17 -0700
Li Qiang wrote:

> From: Li Qiang
>
> The parameter of name_is_illegal can be NULL, adding detection of
> this to avoid NULL pointer dereference issue.
>

Same as with the other patch: the root cause is in v9fs_iov_vunmarshal().

> Signed-off-by: Li Qiang
> --- > hw/9pfs/9p.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c > index dd3145c..d960a2e 100644 > --- a/hw/9pfs/9p.c > +++ b/hw/9pfs/9p.c 
> @@ -1277,7 +1277,7 @@ static int v9fs_walk_marshal(V9fsPDU *pdu, uint16_t nwnames, V9fsQID *qids) > > static bool name_is_illegal(const char *name) > { > - return !*name || strchr(name, '/') != NULL; > + return !name || !*name || strchr(name, '/') != NULL; > } > > static bool not_same_qid(const V9fsQID *qid1, const V9fsQID *qid2)
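Review bot: the new `!name` test in name_is_illegal() guards the dereference at the point of use but leaves open how a NULL string reaches this helper at all, and nothing in the hunk or the commit message explains it. The reply above locates the root cause in v9fs_iov_vunmarshal(), so the fix belongs there, where the string is produced, rather than in each consumer; otherwise every other user of an unmarshalled name needs the same guard. If the check is kept here as defense in depth, add a comment above `static bool name_is_illegal(const char *name)` stating that NULL is not an expected input and is rejected as illegal, so the function's contract is clear to later callers.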