[PATCH] Check that there is actually a callback when reporting errors

If the PDU belonged to a server replying there would be no callback set and the application will crash with a segfault if we make the call without checking the value first. From: David Galeano Corrales <[email protected]> Signed-off-by: Ronnie Sahlberg <[email protected]>
sahlberg · Aug 15, 2024 · e6065ce · e6065ce
1 parent 28ad33a
commit e6065ce
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/lib/init.c b/lib/init.c
@@ -423,7 +423,9 @@ static void rpc_purge_all_pdus(struct rpc_context *rpc, int status, const char *
 	while ((pdu = outqueue.head) != NULL) {
 		outqueue.head = pdu->next;
                 pdu->next = NULL;
-		pdu->cb(rpc, status, (void *) error, pdu->private_data);
+                if (pdu->cb) {
+                        pdu->cb(rpc, status, (void *) error, pdu->private_data);
+                }
 		rpc_free_pdu(rpc, pdu);
 	}
 #ifdef HAVE_MULTITHREADING
@@ -450,7 +452,9 @@ static void rpc_purge_all_pdus(struct rpc_context *rpc, int status, const char *
 		while((pdu = waitqueue.head) != NULL) {
 			waitqueue.head = pdu->next;
 			pdu->next = NULL;
-			pdu->cb(rpc, status, (void *) error, pdu->private_data);
+                        if (pdu->cb) {
+                                pdu->cb(rpc, status, (void *) error, pdu->private_data);
+                        }
 			rpc_free_pdu(rpc, pdu);
 		}
 	}

diff --git a/lib/socket.c b/lib/socket.c
@@ -1003,8 +1003,10 @@ rpc_timeout_scan(struct rpc_context *rpc)
 				rpc->outqueue.tail = NULL; //done
 			}
 			rpc_set_error_locked(rpc, "command timed out");
-			pdu->cb(rpc, RPC_STATUS_TIMEOUT,
-				NULL, pdu->private_data);
+                        if (pdu->cb) {
+                                pdu->cb(rpc, RPC_STATUS_TIMEOUT,
+                                        NULL, pdu->private_data);
+                        }
 			rpc_free_pdu(rpc, pdu);
 		}
 	}
@@ -1074,8 +1076,10 @@ rpc_timeout_scan(struct rpc_context *rpc)
 				// qqq move to a temporary queue and process after
 				// we drop the mutex
 				rpc_set_error_locked(rpc, "command timed out");
-				pdu->cb(rpc, RPC_STATUS_TIMEOUT,
-					NULL, pdu->private_data);
+                                if (pdu->cb) {
+                                        pdu->cb(rpc, RPC_STATUS_TIMEOUT,
+                                                NULL, pdu->private_data);
+                                }
 				rpc_free_pdu(rpc, pdu);
 			}
 		}