From 62a94b27bf15cb8c8b31a595276f1bac2ba4e9b1 Mon Sep 17 00:00:00 2001
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Sat, 6 Sep 2014 06:28:48 +0200
Subject: Fix quotad RPC options use-after-free bug in gluster

In cli/src/cli.c:cli_quotad_clnt_rpc_init(), dict_unref (rpc_opts)
causes the options to be freed while code in rpc/rpc-transport/socket
still relies on it. The options are corrupted when memory is reallocated,
which sometimes leads to a crashes on NetBSD when socket_connect()
attempted to read options.

Fix the problem by not doing the dict_unref(). Make sure the rpc_opts
are freed on error, though.

This is a backport of If1d6ea50cc3e1599e9e369863c8db0c0694d3671

BUG: 1138897
Change-Id: Idcd46c3ee9a7daa64dfeb8950e14d6b99f177bb3
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8635
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
---
 cli/src/cli.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'cli')

diff --git a/cli/src/cli.c b/cli/src/cli.c
index fa3c747d154..992f6a54321 100644
--- a/cli/src/cli.c
+++ b/cli/src/cli.c
@@ -553,7 +553,10 @@ cli_quotad_clnt_rpc_init (void)
 
         global_quotad_rpc = rpc;
 out:
-        dict_unref (rpc_opts);
+        if (ret) {
+                if (rpc_opts)
+                        dict_destroy(rpc_opts);
+        }
         return rpc;
 }
 
-- 
cgit