From 025718f1734655c411475ea338cee1659d96763e Mon Sep 17 00:00:00 2001
From: nik-redhat <nladha@redhat.com>
Date: Thu, 3 Sep 2020 15:42:45 +0530
Subject: [PATCH 595/610] glusterd: use after free (coverity issue)
Issue:
dict_unref is called on the same dict again,
in the out label of the code, which causes the
use after free issue.
Fix:
Set the dict to NULL after unref, to avoid
use after free issue.
CID: 1430127
>Updates: #1060
>Change-Id: Ide9a5cbc5f496705c671e72b0260da6d4c06f16d
>Signed-off-by: nik-redhat <nladha@redhat.com>
Upstream link: https://review.gluster.org/c/glusterfs/+/24946
BUG: 1997447
Change-Id: Id1e58cd6226b9329ad49bd5b75ee96a3a5ec5ab7
Signed-off-by: nik-redhat <nladha@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/c/rhs-glusterfs/+/280067
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
---
xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
index 386eed2..b0fa490 100644
--- a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
@@ -2039,8 +2039,9 @@ glusterd_update_snaps_synctask(void *opaque)
"Failed to remove snap %s", snap->snapname);
goto out;
}
- if (dict)
- dict_unref(dict);
+
+ dict_unref(dict);
+ dict = NULL;
}
snprintf(buf, sizeof(buf), "%s.accept_peer_data", prefix);
ret = dict_get_int32(peer_data, buf, &val;;
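Review bot: The `dict = NULL;` reset is what keeps the `out` label from dropping a second reference on the same dict, but nothing at the site says so, and a later cleanup could delete it as a redundant assignment. A comment above it such as `/* out: unrefs dict again; clear it so the reference is dropped only once */` would record the intent. The same change also removes the `if (dict)` guard in front of `dict_unref(dict)`, which is only equivalent if dict is always non-NULL at this point or dict_unref itself tolerates NULL; the allocation is outside the hunk, so that should be confirmed. The enclosing block in glusterd_update_snaps_synctask starts and ends outside the hunk.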
--
1.8.3.1