diff options
author | Emmanuel Dreyfus <manu@netbsd.org> | 2014-08-20 10:50:35 +0200 |
---|---|---|
committer | Krishnan Parthasarathi <kparthas@redhat.com> | 2014-08-21 20:30:14 -0700 |
commit | 865d156d30498cd1bf4219ddbbb304d2ffd4aea0 (patch) | |
tree | d50ccf63514745a781caecb826eaba7fe5112e38 /cli | |
parent | f83067f2a9fc5d85bbd985e14fcda07346371ec8 (diff) |
Fix quotad RPC options use-after-free bug in gluster
In cli/src/cli.c:cli_quotad_clnt_rpc_init(), dict_unref (rpc_opts)
causes the options to be freed while code in rpc/rpc-transport/socket
still relies on it. The options are corrupted when memory is reallocated,
which sometimes leads to a crashes on NetBSD when socket_connect()
attempted to read options.
Fix the problem by not doing the dict_unref(). Make sure the rpc_opts
are freed on error, though.
BUG: 1129939
Change-Id: If1d6ea50cc3e1599e9e369863c8db0c0694d3671
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8502
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Krishnan Parthasarathi <kparthas@redhat.com>
Diffstat (limited to 'cli')
-rw-r--r-- | cli/src/cli.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/cli/src/cli.c b/cli/src/cli.c index fa3c747d154..992f6a54321 100644 --- a/cli/src/cli.c +++ b/cli/src/cli.c @@ -553,7 +553,10 @@ cli_quotad_clnt_rpc_init (void) global_quotad_rpc = rpc; out: - dict_unref (rpc_opts); + if (ret) { + if (rpc_opts) + dict_destroy(rpc_opts); + } return rpc; } |