diff options
| author | Raghavendra G <rgowdapp@redhat.com> | 2016-01-14 16:11:27 +0530 | 
|---|---|---|
| committer | Raghavendra G <rgowdapp@redhat.com> | 2016-01-17 21:25:20 -0800 | 
| commit | c862580c66ed7d2a8dc96b9051e5df86e1aae0d0 (patch) | |
| tree | 1ef6a6d4a09aa7b26a9e9b34394c4b7262dd2673 /libglusterfs | |
| parent | 7fa96199d669423d8ed2d2271fd603d641e603b8 (diff) | |
protocol/server: Fix memory corruption during client-table-expand.
gf_client_clienttable_expand frees up old entries after expanding. So,
cliententry should be reassigned to a free slot in new array of
cliententries. Earlier it used to point to a slot in oldentries
resulting in a use-after-free bug.
Thanks to Pranith for the assistance provided.
Change-Id: Iabe40c7df475471a7df7bccb302aef496ded3f1c
BUG: 1298498
Signed-off-by: Raghavendra G <rgowdapp@redhat.com>
Reviewed-on: http://review.gluster.org/13241
Smoke: Gluster Build System <jenkins@build.gluster.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Diffstat (limited to 'libglusterfs')
| -rw-r--r-- | libglusterfs/src/client_t.c | 1 | 
1 files changed, 1 insertions, 0 deletions
| diff --git a/libglusterfs/src/client_t.c b/libglusterfs/src/client_t.c index 1c291518564..8cf14865665 100644 --- a/libglusterfs/src/client_t.c +++ b/libglusterfs/src/client_t.c @@ -265,6 +265,7 @@ gf_client_get (xlator_t *this, struct rpcsvc_auth_data *cred, char *client_uid)                                  errno = result;                                  goto unlock;                          } +                        cliententry = &clienttable->cliententries[client->tbl_index];                          cliententry->next_free = clienttable->first_free;                  }                  cliententry->client = client; | 
