From: Oliver Kurth <okurth@vmware.com>
Date: Fri, 22 Nov 2019 22:52:35 +0000 (-0800)
Subject: Fix a potential NULL pointer dereference in the vmbackup plugin.
X-Git-Tag: stable-11.1.0~134
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0bb6cf83fb6b1f80c99beb11cd47e0db02e252ff;p=thirdparty%2Fopen-vm-tools.git

Fix a potential NULL pointer dereference in the vmbackup plugin.

In some circumtances, VmBackupAsyncCallback might dereference
gBackupState after calling VmBackupDoAbort even though the
latter function can potentially set gBackupState to NULL.  Add
a check to prevent the potential NULL pointer dereference.
---

diff --git a/open-vm-tools/services/plugins/vmbackup/stateMachine.c b/open-vm-tools/services/plugins/vmbackup/stateMachine.c
index 6b422869a..5c01a7bc3 100644
--- a/open-vm-tools/services/plugins/vmbackup/stateMachine.c
+++ b/open-vm-tools/services/plugins/vmbackup/stateMachine.c
@@ -675,6 +675,15 @@ VmBackupAsyncCallback(void *clientData)
       if (gBackupState->rpcState == VMBACKUP_RPC_STATE_ERROR) {
          g_warning("Aborting backup operation due to RPC errors.");
          VmBackupDoAbort();
+
+         /*
+          * Check gBackupState, since the abort could cause a transition to
+          * VMBACKUP_MSTATE_IDLE, in which case the VmBackupState structure
+          * would be freed and gBackupState would be NULL.
+          */
+         if (gBackupState == NULL) {
+            return FALSE;
+         }
          goto exit;
       }
    }