From a664ca8c43fbffc7be960f94dc44d79649051e28 Mon Sep 17 00:00:00 2001 From: Sumit Rai Date: Thu, 20 Jun 2019 10:15:11 +0530 Subject: [PATCH] lib/iser.c: fix overflow_data_size NULL ptr dereference Discovered this while running iSCSI.iSCSITMF AbortTaskSimpleAsync test case. For Task Management command iser_pdu->iscsi_pdu.scsi_cbdata is not set. When test case tries to send Task Management command via common API iser_send_command() - it calls overflow_data_size which tries to dereference scsi_cbdata leading to SEGFAULT. Added a non-NULL check for scsi_cbdata before accessing it. --- lib/iser.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/iser.c b/lib/iser.c index d65418f..92a33e7 100644 --- a/lib/iser.c +++ b/lib/iser.c @@ -624,6 +624,9 @@ overflow_data_size(struct iser_pdu *iser_pdu) { int data_size; + if (!iser_pdu->iscsi_pdu.scsi_cbdata.task) { + return 0; + } data_size = iser_pdu->iscsi_pdu.scsi_cbdata.task->expxferlen; return (data_size > DATA_BUFFER_SIZE);
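Review bot: The early return at `if (!iser_pdu->iscsi_pdu.scsi_cbdata.task) { return 0; }` makes "no task" indistinguishable from "no overflow", so a comment on that branch stating the intended case (Task Management PDUs carry no SCSI task and no data, as the commit message explains) would stop a later reader from treating it as a generic NULL guard that could mask a genuinely missing task on a normal SCSI command. Also align the commit message with the code: it says "non-NULL check for scsi_cbdata", but `scsi_cbdata` is an embedded struct here and the check is on its `task` pointer, which is the only thing in that expression that can be NULL.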