diff options
| author | Raghavendra G <raghavendra@gluster.com> | 2012-12-18 14:43:27 +0530 | 
|---|---|---|
| committer | Anand Avati <avati@redhat.com> | 2013-02-05 13:35:16 -0800 | 
| commit | e8d09b9ab9a93367a7135fc6b0e721c9d13e0e2d (patch) | |
| tree | 442cdb566d590e2284e776eec095e7dfb4e95b54 | |
| parent | 6763272e7f3fbe8afba948a8afb075b9cf2a5ca7 (diff) | |
rpcsvc: Fix memory corruption caused by rpcsvc_dump returning non-zero
The convention followed is that any actor should return non-zero
value only if it has not attempted to send the reply back. If an
actor returns non-zero, rpcsvc_handle_rpc_call tries to send an
error reply. Since, rpcsvc_submit_generic frees the rpc_req, its wrong
to invoke it more than once on same rpc_req. When the transport is not
connected, rpcsvc_dump used to pass the non-zero value it got from
 transport to rpcsvc resulting in memory corruption. Hence this patch
makes rpcsvc_dump to return 0.
Change-Id: I1b6f28969ee546c44d193d3d33debccb65585b69
BUG: 903113
Signed-off-by: Raghavendra G <raghavendra@gluster.com>
Reviewed-on: http://review.gluster.org/4183
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
| -rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 18 | 
1 files changed, 8 insertions, 10 deletions
| diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index bb14f11be..205ef1a9d 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -1729,15 +1729,17 @@ rpcsvc_dump (rpcsvc_request_t *req)          uint32_t     dump_rsp_len      = 0;          if (!req) -                goto fail; +                goto sendrsp;          ret = build_prog_details (req, &rsp);          if (ret < 0) {                  op_errno = -ret; -                goto fail; +                goto sendrsp;          } -fail: +        op_errno = 0; + +sendrsp:          rsp.op_errno = gf_errno_to_error (op_errno);          rsp.op_ret   = ret; @@ -1749,15 +1751,11 @@ fail:          ret = xdr_serialize_generic (iov, &rsp, (xdrproc_t)xdr_gf_dump_rsp);          if (ret < 0) { -                if (req) -                        req->rpc_err = GARBAGE_ARGS; -                op_errno = EINVAL; -                goto fail; +                ret = RPCSVC_ACTOR_ERROR; +        } else { +                rpcsvc_submit_generic (req, &iov, 1, NULL, 0, NULL);          } -        ret = rpcsvc_submit_generic (req, &iov, 1, NULL, 0, -                                     NULL); -          free_prog_details (&rsp);          return ret; | 
