From 7ff0ba71d50a324b0099ea85c2a0873dcede779f Mon Sep 17 00:00:00 2001
From: Kinglong Mee
Date: Mon, 18 Dec 2017 04:09:39 -0500
Subject: posix: fix use after freed by calling STACK_UNWIND_STRICT after error cleanup

xdata is freed when calling STACK_UNWIND_STRICT, so that, posix_gfid_unset uses xdata after freed.

Change-Id: Id0ff2da3d6d9be204e50d9fb37ba57558936c85c
Signed-off-by: Kinglong Mee
---
 xlators/storage/posix/src/posix-entry-ops.c | 39 ++++++++++++++---------------
 1 file changed, 19 insertions(+), 20 deletions(-)
(limited to 'xlators')
diff --git a/xlators/storage/posix/src/posix-entry-ops.c b/xlators/storage/posix/src/posix-entry-ops.c
index 9d336ee5f60..050fea4c255 100644
--- a/xlators/storage/posix/src/posix-entry-ops.c
+++ b/xlators/storage/posix/src/posix-entry-ops.c
@@ -490,10 +490,6 @@ ignore:
 out:
 SET_TO_OLD_FS_ID ();
- STACK_UNWIND_STRICT (mknod, frame, op_ret, op_errno,
- (loc)?loc->inode:NULL, &stbuf, &preparent,
- &postparent, NULL);
-
 if (op_ret < 0) {
 if (entry_created) {
 if (S_ISREG (mode))
@@ -506,6 +502,10 @@ out:
 posix_gfid_unset (this, xdata);
 }
+ STACK_UNWIND_STRICT (mknod, frame, op_ret, op_errno,
+ (loc)?loc->inode:NULL, &stbuf, &preparent,
+ &postparent, NULL);
+
 return 0;
 }
@@ -804,10 +804,6 @@ posix_mkdir (call_frame_t *frame, xlator_t *this,
 out:
 SET_TO_OLD_FS_ID ();
- STACK_UNWIND_STRICT (mkdir, frame, op_ret, op_errno,
- (loc)?loc->inode:NULL, &stbuf, &preparent,
- &postparent, xdata_rsp);
-
 if (op_ret < 0) {
 if (entry_created)
 sys_rmdir (real_path);
@@ -816,6 +812,10 @@ out:
 posix_gfid_unset (this, xdata);
 }
+ STACK_UNWIND_STRICT (mkdir, frame, op_ret, op_errno,
+ (loc)?loc->inode:NULL, &stbuf, &preparent,
+ &postparent, xdata_rsp);
+
 if (xdata_rsp)
 dict_unref (xdata_rsp);
@@ -1468,10 +1468,6 @@ ignore:
 out:
 SET_TO_OLD_FS_ID ();
- STACK_UNWIND_STRICT (symlink, frame, op_ret, op_errno,
- (loc)?loc->inode:NULL, &stbuf, &preparent,
- &postparent, NULL);
-
 if (op_ret < 0) {
 if (entry_created)
 sys_unlink (real_path);
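Review bot: The re-added `STACK_UNWIND_STRICT (mknod, ...)` in the `@@ -506,6 +502,10 @@` hunk has no comment explaining why it must follow the `if (op_ret < 0)` cleanup, so a later refactor could easily restore the old order and the use-after-free with it. I would add above it `/* Unwind last: xdata may be freed once the frame is unwound, and posix_gfid_unset() above still reads it. */`. The same comment belongs on the moved unwinds for mkdir (`@@ -816,6 +812,10 @@`), symlink (`@@ -1480,6 +1476,10 @@`) and create (`@@ -2132,5 +2127,9 @@`). All four function bodies start outside their hunks, so it cannot be checked from here whether any earlier `goto out` path relied on the old order.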
@@ -1480,6 +1476,10 @@ out:
 posix_gfid_unset (this, xdata);
 }
+ STACK_UNWIND_STRICT (symlink, frame, op_ret, op_errno,
+ (loc)?loc->inode:NULL, &stbuf, &preparent,
+ &postparent, NULL);
+
 return 0;
 }
@@ -2116,15 +2116,10 @@ fill_stat:
 out:
 SET_TO_OLD_FS_ID ();
- if ((-1 == op_ret) && (_fd != -1)) {
- sys_close (_fd);
- }
-
- STACK_UNWIND_STRICT (create, frame, op_ret, op_errno,
- fd, (loc)?loc->inode:NULL, &stbuf, &preparent,
- &postparent, xdata);
-
 if (op_ret < 0) {
+ if (_fd != -1)
+ sys_close (_fd);
+
 if (entry_created)
 sys_unlink (real_path);
@@ -2132,5 +2127,9 @@ out:
 posix_gfid_unset (this, xdata);
 }
+ STACK_UNWIND_STRICT (create, frame, op_ret, op_errno,
+ fd, (loc)?loc->inode:NULL, &stbuf, &preparent,
+ &postparent, xdata);
+
 return 0;
 }
-- cgit
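Review bot: In the `@@ -2132,5 +2127,9 @@` hunk the create unwind returns the request dict `xdata` as the reply, right after `posix_gfid_unset (this, xdata)` may have run on it in the error path, whereas mknod and symlink pass `NULL` and mkdir passes a separate `xdata_rsp`. Since the commit message says xdata is freed during the unwind, it is worth confirming that returning the caller's own dict is intended and that no layer above takes ownership of it; the hunk does not show where `xdata` is referenced or released. If nothing upstream reads the reply dict, ending the call with `&postparent, NULL);` would match the mknod and symlink paths. posix_create's body starts outside the hunk.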