From 0962e24c3d66c173155d80783eb5d1cc4ae3c99e Mon Sep 17 00:00:00 2001
From: Soumya Koduri
Date: Tue, 25 Dec 2018 13:29:15 -0500
Subject: leases: Reset lease_ctx->timer post deletion

To avoid use_after_free, reset lease_ctx->timer back to NULL after the structure has been freed.

Change-Id: Icd213ec809b8af934afdb519c335a4680a1d6cdc
updates: bz#1651323
Signed-off-by: Soumya Koduri
(cherry picked from commit a9b0003c717087ff168bc143c70559162e53e0d5)
---
 xlators/features/leases/src/leases-internal.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xlators/features/leases/src/leases-internal.c b/xlators/features/leases/src/leases-internal.c
index ba0db4f9b4a..8699b99d291 100644
--- a/xlators/features/leases/src/leases-internal.c
+++ b/xlators/features/leases/src/leases-internal.c
@@ -676,6 +676,7 @@ __remove_lease(xlator_t *this, inode_t *inode, lease_inode_ctx_t *lease_ctx,
 if (lease_ctx->lease_cnt == 0 && lease_ctx->timer) {
 ret = gf_tw_del_timer(priv->timer_wheel, lease_ctx->timer);
 lease_ctx->recall_in_progress = _gf_false;
+ lease_ctx->timer = NULL;
 }
 out:
 return ret;
--
cgit
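Review bot: The added `lease_ctx->timer = NULL;` runs whether or not `gf_tw_del_timer()` succeeded, because `ret` is captured on the line above but never checked before the pointer is dropped. If that call can fail while leaving the timer queued (its contract is not visible in this hunk), the timer could still fire later with no reference left here to cancel it. Either gate the reset on `ret`, or add a comment such as `/* gf_tw_del_timer() releases the timer regardless of ret; clear the stale pointer */` if that is the guarantee. The commit message says the structure "has been freed", but no free appears in the hunk, so naming where the release happens would make the use-after-free fix easier to audit. `__remove_lease` begins and ends outside the hunk, so the locking around `lease_ctx` cannot be checked from here.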