From 87ee6456217debfbb9a0180933ed84281e45a705 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Tue, 5 Nov 2013 14:24:28 +0100
Subject: [PATCH] check for a target being there before processing TargetAddress
Otherwise we access a NULL pointer. RFC3270 appendix D confirms that TargetName must always come before TargetAddress.
Signed-off-by: Paolo Bonzini
---
 lib/discovery.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/discovery.c b/lib/discovery.c
index e12a15a..8301bea 100644
--- a/lib/discovery.c
+++ b/lib/discovery.c
@@ -175,6 +175,14 @@ iscsi_process_text_reply(struct iscsi_context *iscsi, struct iscsi_pdu *pdu,
 target->next = targets;
 targets = target;
 } else if (!strncmp((char *)ptr, "TargetAddress=", 14)) {
+ if (targets == NULL || targets->target_address != NULL) {
+ iscsi_set_error(iscsi, "Invalid discovery "
+ "reply");
+ pdu->callback(iscsi, SCSI_STATUS_ERROR, NULL,
+ pdu->private_data);
+ iscsi_free_discovery_addresses(iscsi, targets);
+ return -1;
+ }
 targets->target_address = iscsi_strdup(iscsi, (char *)ptr+14);
 if (targets->target_address == NULL) {
 iscsi_set_error(iscsi, "Failed to allocate "
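Review bot: The second half of the new guard, `targets->target_address != NULL`, makes a repeated TargetAddress for the same TargetName a hard "Invalid discovery reply" failure. As far as I recall, the SendTargets examples in appendix D of the iSCSI RFC (RFC 3720) list several TargetAddress lines under one TargetName for multi-portal targets, so discovery against such a target would now fail outright. The `targets == NULL` half is the check the NULL dereference needs for a reply from an untrusted peer and should stay as it is. If keeping a single address per target is intended, say so at the check, e.g. `/* only one TargetAddress per TargetName is kept; a repeat is rejected instead of overwriting and leaking the first */`; otherwise the repeat case has to store the extra portal, which needs a struct change outside this hunk. The body of iscsi_process_text_reply starts and ends outside the hunk.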