From 025718f1734655c411475ea338cee1659d96763e Mon Sep 17 00:00:00 2001

From: nik-redhat <nladha@redhat.com>

Date: Thu, 3 Sep 2020 15:42:45 +0530

Subject: [PATCH 595/610] glusterd: use after free (coverity issue)

Issue:

dict_unref is called on the same dict again,

in the out label of the code, which causes the

use after free issue.

Fix:

Set the dict to NULL after unref, to avoid

use after free issue.

CID: 1430127

>Updates: #1060

>Change-Id: Ide9a5cbc5f496705c671e72b0260da6d4c06f16d

>Signed-off-by: nik-redhat <nladha@redhat.com>

Upstream link: https://review.gluster.org/c/glusterfs/+/24946

BUG: 1997447

Change-Id: Id1e58cd6226b9329ad49bd5b75ee96a3a5ec5ab7

Signed-off-by: nik-redhat <nladha@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/c/rhs-glusterfs/+/280067

Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>

---

 xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c | 5 +++--

 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c

index 386eed2..b0fa490 100644

--- a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c

+++ b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c

@@ -2039,8 +2039,9 @@ glusterd_update_snaps_synctask(void *opaque)

                        "Failed to remove snap %s", snap->snapname);

                 goto out;

             }

-            if (dict)

-                dict_unref(dict);

+

+            dict_unref(dict);

+            dict = NULL;

         }

         snprintf(buf, sizeof(buf), "%s.accept_peer_data", prefix);

         ret = dict_get_int32(peer_data, buf, &val;;

-- 

1.8.3.1