commit 6c7ee4f4c406f851242a2100bc4e7a2f26d2e300
author Manojkiran Eda <manojkiran.eda@gmail.com> Tue Mar 18 09:56:39 2025 +0530
committer Manojkiran Eda <manojkiran.eda@gmail.com> Tue Mar 18 14:08:23 2025 +0530
tree 61cd77050d8359317c7a6c48368c1eb33e2c370d
parent bc40dd5a64f5b375ba86a0ab6b2ed3e7863e2f5b

requester: Add null check in pldm_instance_id_alloc

pldm_instance_id_alloc() function does not check for a valid
ctx object before dereferencing it. Hence it could cause
crash when its clients pass a null pointer by accident.

Change-Id: I340aa8171cd397f5af772a9cc6d4f80c8263a089
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>

CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f2fde9c..95a70fb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -68,6 +68,7 @@
 - pdr: Remove PDR if the contained entity to be removed is the last one
 - meson: sizes.h: add includedir to install path
 - pdr: Create entity association PDRs with unique record handle
+- requester: add null check for instance db object in pldm_instance_id_alloc()
 
 ### Security
 

src/requester/instance-id.c

diff --git a/src/requester/instance-id.c b/src/requester/instance-id.c
index d891a48..10dc276 100644
--- a/src/requester/instance-id.c
+++ b/src/requester/instance-id.c
@@ -122,7 +122,7 @@
 {
 	uint8_t l_iid;
 
-	if (!iid) {
+	if (!ctx || !iid) {
 		return -EINVAL;
 	}
 

tests/instance-id.cpp

diff --git a/tests/instance-id.cpp b/tests/instance-id.cpp
index ad290ac..ed94c59 100644
--- a/tests/instance-id.cpp
+++ b/tests/instance-id.cpp
@@ -86,6 +86,14 @@
     EXPECT_EQ(pldm_instance_db_destroy(db), 0);
 }
 
+TEST_F(PldmInstanceDbTest, allocOnNulldb)
+{
+    struct pldm_instance_db* db = nullptr;
+    const pldm_tid_t tid = 1;
+    pldm_instance_id_t iid;
+    EXPECT_EQ(pldm_instance_id_alloc(db, tid, &iid), -EINVAL);
+}
+
 TEST_F(PldmInstanceDbTest, allocFreeOne)
 {
     struct pldm_instance_db* db = nullptr;