From cc486da3ebb00ac4730df4ae03d04ec64e0e965c Mon Sep 17 00:00:00 2001
From: Soumya Koduri
Date: Wed, 9 Jan 2019 21:06:49 +0530
Subject: leases: Reset lease_ctx->timer post deletion

To avoid use_after_free, reset lease_ctx->timer back to NULL after the structure has been freed.

Change-Id: Icd213ec809b8af934afdb519c335a4680a1d6cdc
updates: bz#1655532
Signed-off-by: Soumya Koduri
(cherry picked from commit a9b0003c717087ff168bc143c70559162e53e0d5)
---
 xlators/features/leases/src/leases-internal.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xlators/features/leases/src/leases-internal.c b/xlators/features/leases/src/leases-internal.c
index 8695c9b2538..61928597f8f 100644
--- a/xlators/features/leases/src/leases-internal.c
+++ b/xlators/features/leases/src/leases-internal.c
@@ -694,6 +694,7 @@ __remove_lease (xlator_t *this, inode_t *inode, lease_inode_ctx_t *lease_ctx,
         if (lease_ctx->lease_cnt == 0 && lease_ctx->timer) {
                 ret = gf_tw_del_timer (priv->timer_wheel, lease_ctx->timer);
                 lease_ctx->recall_in_progress = _gf_false;
+                lease_ctx->timer = NULL;
         }
 out:
         return ret;
-- 
cgit
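Review bot: The timer pointer is cleared unconditionally at the added line, while `ret` on the line before it is whatever gf_tw_del_timer reported, and that same value is what __remove_lease hands back at `return ret;`. If the wheel can report that the timer was no longer pending (already fired, with its callback possibly in flight), the handler may still be holding the pointer this commit's message says is freed, and the caller of __remove_lease receives the wheel's status in place of the lease-removal result. Consider gating the reset on a successful delete and documenting ownership above it, e.g. `/* timer detached from the wheel; drop our reference so a repeat removal cannot touch freed memory */`, and restoring `ret` to the lease-removal outcome before `out:`. The enclosing function begins and ends outside this hunk, so the lock held across this block and the path that actually frees the timer cannot be confirmed from here.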