diff options
| author | Krishnan Parthasarathi <kp@gluster.com> | 2011-06-10 04:42:28 +0000 | 
|---|---|---|
| committer | Anand Avati <avati@gluster.com> | 2011-06-10 03:53:58 -0700 | 
| commit | 25da481bc5b06d671e41e5a70b2c145777154bf1 (patch) | |
| tree | c58240c266f711778181d96e270f9ea6a053e145 /xlators/cluster/afr/src/pump.c | |
| parent | fb42a67e1eea17b3dc116d26ea92b93f740b28c3 (diff) | |
pump: cleanup potential dict related memory corruption.v3.1.5qa2
Signed-off-by: Krishnan Parthasarathi <kp@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>
BUG: 2489 (GlusterFS crashing with replace-brick)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2489
Diffstat (limited to 'xlators/cluster/afr/src/pump.c')
| -rw-r--r-- | xlators/cluster/afr/src/pump.c | 45 | 
1 files changed, 34 insertions, 11 deletions
| diff --git a/xlators/cluster/afr/src/pump.c b/xlators/cluster/afr/src/pump.c index 10b9b720316..a7df543b46c 100644 --- a/xlators/cluster/afr/src/pump.c +++ b/xlators/cluster/afr/src/pump.c @@ -860,7 +860,8 @@ pump_initiate_sink_connect (call_frame_t *frame, xlator_t *this)          afr_local_t   *local     = NULL;          afr_private_t *priv      = NULL;          dict_t        *dict      = NULL; -        char          *dst_brick = NULL; +        data_t        *data      = NULL; +        char          *clnt_cmd  = NULL;          loc_t loc;          int ret = 0; @@ -872,8 +873,9 @@ pump_initiate_sink_connect (call_frame_t *frame, xlator_t *this)          build_root_loc (priv->root_inode, &loc); -        ret = dict_get_str (local->dict, PUMP_CMD_START, &dst_brick); -        if (ret < 0) { +        data = data_ref (dict_get (local->dict, PUMP_CMD_START)); +        if (!data) { +                ret = -1;                  gf_log (this->name, GF_LOG_ERROR,                          "Could not get destination brick value");                  goto out; @@ -887,11 +889,16 @@ pump_initiate_sink_connect (call_frame_t *frame, xlator_t *this)                  goto out;          } -        GF_ASSERT (dst_brick); +        clnt_cmd = GF_CALLOC (1, data->len+1, gf_common_mt_char); +        if (!clnt_cmd) { +                ret = -1; +                goto out; +        } +        memcpy (clnt_cmd, data->data, data->len);          gf_log (this->name, GF_LOG_DEBUG, -                "Got destination brick as %s", dst_brick); +                "Got destination brick as %s", clnt_cmd); -        ret = dict_set_str (dict, CLIENT_CMD_CONNECT, dst_brick); +        ret = dict_set_dynstr (dict, CLIENT_CMD_CONNECT, clnt_cmd);          if (ret < 0) {                  gf_log (this->name, GF_LOG_ERROR,                          "Could not inititiate destination brick " @@ -909,8 +916,14 @@ pump_initiate_sink_connect (call_frame_t *frame, xlator_t *this)          ret = 0; -        dict_unref (dict);  out: +        if (dict) +                dict_unref (dict); +        if (data) +                data_unref (data); +        if (ret) +                GF_FREE (clnt_cmd); +          return ret;  } @@ -1019,7 +1032,6 @@ pump_execute_status (call_frame_t *frame, xlator_t *this)          if (!dict_str) {                  gf_log (this->name, GF_LOG_ERROR,                          "Out of memory"); -                op_ret = -1;                  op_errno = ENOMEM;                  goto out;          } @@ -1033,21 +1045,32 @@ pump_execute_status (call_frame_t *frame, xlator_t *this)          }          dict = dict_new (); +        if (!dict) { +                ret = -1; +                op_errno = ENOMEM; +                goto out; +        } -        ret = dict_set_str (dict, PUMP_CMD_STATUS, dict_str); +        ret = dict_set_dynstr (dict, PUMP_CMD_STATUS, dict_str);          if (ret < 0) { +                op_errno = -ret;                  gf_log (this->name, GF_LOG_DEBUG,                          "dict_set_str returned negative value"); +                goto out;          }          op_ret = 0;  out: +        if (ret) +                op_ret = -1;          AFR_STACK_UNWIND (getxattr, frame, op_ret, op_errno, dict); -        dict_unref (dict); -        GF_FREE (dict_str); +        if (dict) +                dict_unref (dict); +        if (ret) +                GF_FREE (dict_str);          return 0;  } | 
