From e8d09b9ab9a93367a7135fc6b0e721c9d13e0e2d Mon Sep 17 00:00:00 2001 From: Raghavendra G Date: Tue, 18 Dec 2012 14:43:27 +0530 Subject: rpcsvc: Fix memory corruption caused by rpcsvc_dump returning non-zero The convention followed is that any actor should return non-zero value only if it has not attempted to send the reply back. If an actor returns non-zero, rpcsvc_handle_rpc_call tries to send an error reply. Since, rpcsvc_submit_generic frees the rpc_req, its wrong to invoke it more than once on same rpc_req. When the transport is not connected, rpcsvc_dump used to pass the non-zero value it got from transport to rpcsvc resulting in memory corruption. Hence this patch makes rpcsvc_dump to return 0. Change-Id: I1b6f28969ee546c44d193d3d33debccb65585b69 BUG: 903113 Signed-off-by: Raghavendra G Reviewed-on: http://review.gluster.org/4183 Tested-by: Gluster Build System Reviewed-by: Anand Avati Reviewed-by: Raghavendra Bhat Reviewed-by: Jeff Darcy --- rpc/rpc-lib/src/rpcsvc.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index bb14f11be..205ef1a9d 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -1729,15 +1729,17 @@ rpcsvc_dump (rpcsvc_request_t *req) uint32_t dump_rsp_len = 0; if (!req) - goto fail; + goto sendrsp; ret = build_prog_details (req, &rsp); if (ret < 0) { op_errno = -ret; - goto fail; + goto sendrsp; } -fail: + op_errno = 0; + +sendrsp: rsp.op_errno = gf_errno_to_error (op_errno); rsp.op_ret = ret; @@ -1749,15 +1751,11 @@ fail: ret = xdr_serialize_generic (iov, &rsp, (xdrproc_t)xdr_gf_dump_rsp); if (ret < 0) { - if (req) - req->rpc_err = GARBAGE_ARGS; - op_errno = EINVAL; - goto fail; + ret = RPCSVC_ACTOR_ERROR; + } else { + rpcsvc_submit_generic (req, &iov, 1, NULL, 0, NULL); } - ret = rpcsvc_submit_generic (req, &iov, 1, NULL, 0, - NULL); - free_prog_details (&rsp); return ret; -- cgit