Commit 8d20abe8 authored by Peter Lieven's avatar Peter Lieven Committed by Max Reitz
Browse files

block/nfs: fix NULL pointer dereference in URI parsing 



parse_uint_full wants to put the parsed value into the
variable passed via its second argument which is NULL.

Fixes: 94d6a7a7
Cc: qemu-stable@nongnu.org
Signed-off-by: default avatarPeter Lieven <pl@kamp.de>
Reviewed-by: default avatarEric Blake <eblake@redhat.com>
Message-id: 1485942829-10756-2-git-send-email-pl@kamp.de
Signed-off-by: default avatarMax Reitz <mreitz@redhat.com>
parent 16e977d5

block/nfs.c

+2 −1
Original line number Diff line number Diff line
@@ -108,12 +108,13 @@ static int nfs_parse_uri(const char *filename, QDict *options, Error **errp) 
    qdict_put(options, "path", qstring_from_str(uri->path));



    for (i = 0; i < qp->n; i++) {

        unsigned long long val;

        if (!qp->p[i].value) {

            error_setg(errp, "Value for NFS parameter expected: %s",

                       qp->p[i].name);

            goto out;

        }

        if (parse_uint_full(qp->p[i].value, NULL, 0)) {

        if (parse_uint_full(qp->p[i].value, &val, 0)) {

            error_setg(errp, "Illegal value for NFS parameter: %s",

                       qp->p[i].name);

            goto out;