
#2927 smf: crash in CcbApplyCallback() due to NULL access

5.18.09
fixed
None
defect
smf
d
major
False
2018-09-22
2018-09-17
Thuan Tran
No

SMFD crashes in the following code:

src/smf/smfd/SmfImmApplierHdl.cc

static void CcbApplyCallback(SaImmOiHandleT immOiHandle, SaImmOiCcbIdT ccbId) {
  ....
  TRACE("%s: Read value in attributes", __FUNCTION__);
  attrMod = opdata->param.modify.attrMods[0];
  attribute = attrMod->modAttr;

  for (int i = 1; attrMod != nullptr; i++) {
    /* Get the value */
    if (attribute_name_.compare(attribute.attrName) != 0) {
      // Not found
      attrMod = opdata->param.modify.attrMods[i];
      attribute = attrMod->modAttr;                 <= CRASH HERE
      continue;
    }

Proposed solution:

--- a/src/smf/smfd/SmfImmApplierHdl.cc
+++ b/src/smf/smfd/SmfImmApplierHdl.cc
@@ -446,14 +446,13 @@ static void CcbApplyCallback(SaImmOiHandleT immOiHandle, SaImmOiCcbIdT ccbId) {
    */
   TRACE("%s: Read value in attributes", __FUNCTION__);
   attrMod = opdata->param.modify.attrMods[0];
-  attribute = attrMod->modAttr;

   for (int i = 1; attrMod != nullptr; i++) {
     /* Get the value */
+    attribute = attrMod->modAttr;
     if (attribute_name_.compare(attribute.attrName) != 0) {
       // Not found
       attrMod = opdata->param.modify.attrMods[i];
-      attribute = attrMod->modAttr;
       continue;
     }
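
Review bot: the loop still walks the array through two coupled variables, `i` starting at 1 and `attrMod` seeded from `attrMods[0]` above the loop, so the `attrMod != nullptr` test in the loop condition protects the dereference only because `attribute = attrMod->modAttr;` now sits at the top of the body. Any later edit that reads `attrMod` between the `attrMods[i]` reassignment and the `continue` brings the NULL access back. Consider indexing from 0 and testing `opdata->param.modify.attrMods[i] != nullptr` directly in the loop condition, then taking the element inside the body, and add a one-line comment that the loop relies on `attrMods` being NULL-terminated.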

Related

Wiki: ChangeLog-5.18.09

Discussion

  • Thuan Tran - 2018-09-18
    • status: assigned --> review
     
  • Gary Lee - 2018-09-22
    • status: review --> fixed
     
  • Gary Lee - 2018-09-22

    develop:

    commit 2c1ba3aefb1f35a27a12532a05eaa06cd37bb3b5
    Author: thuan.tran <thuan.tran@dektech.com.au>
    Date: Fri Sep 21 07:06:16 2018 +0000

    smf: improve CcbApplyCallback() to avoid NULL access [#2927]
    
    The current CcbApplyCallback() is not safe; it may access a NULL pointer,
    causing an SMFD crash and node restart.
    
     
