From 025718f1734655c411475ea338cee1659d96763e Mon Sep 17 00:00:00 2001
From: nik-redhat <nladha@redhat.com>
Date: Thu, 3 Sep 2020 15:42:45 +0530
Subject: [PATCH 595/610] glusterd: use after free (coverity issue)
Issue:
dict_unref is called on the same dict again,
in the out label of the code, which causes the
use after free issue.
Fix:
Set the dict to NULL after unref, to avoid
use after free issue.
CID: 1430127
>Updates: #1060
>Change-Id: Ide9a5cbc5f496705c671e72b0260da6d4c06f16d
>Signed-off-by: nik-redhat <nladha@redhat.com>
Upstream link: https://review.gluster.org/c/glusterfs/+/24946
BUG: 1997447
Change-Id: Id1e58cd6226b9329ad49bd5b75ee96a3a5ec5ab7
Signed-off-by: nik-redhat <nladha@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/c/rhs-glusterfs/+/280067
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
---
xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
index 386eed2..b0fa490 100644
--- a/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-snapshot-utils.c
@@ -2039,8 +2039,9 @@ glusterd_update_snaps_synctask(void *opaque)
"Failed to remove snap %s", snap->snapname);
goto out;
}
- if (dict)
- dict_unref(dict);
+
+ dict_unref(dict);
+ dict = NULL;
}
snprintf(buf, sizeof(buf), "%s.accept_peer_data", prefix);
ret = dict_get_int32(peer_data, buf, &val);
--
1.8.3.1