diff options
author | Raghavendra Bhat <raghavendra@redhat.com> | 2014-01-09 20:22:58 +0530 |
---|---|---|
committer | Raghavendra Bhat <raghavendra@redhat.com> | 2014-01-13 10:23:39 +0530 |
commit | bae3b86cc44adb43fb70f674da1d9e31c60bba96 (patch) | |
tree | 99a14ea82cd339a1b80478e5d70e63f2eef65313 /xlators/protocol/server/src | |
parent | 847e14ccbaddd5d1f06f9200cba063ee007199ad (diff) |
protocol/server: copy the response into the payload instead of using the pointer
The response structure filled up in server_submit_reply is local to the
function (i.e stack allocated) whose address is stored in the barrier
payload to use later while sending the replies. But after the function
is exited (server_submit_reply) the pointer is not valid and contains
invalid data, which either leads in a segfault due to illegal memory
access or reply not being sent as the total length of the reply obtained
from that memory might not be valid.
So instead of saving the pointer inside the payload, save the complete
reply itself.
Change-Id: I7d0b7b181584865199357a67165b99bf35def5ab
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
Diffstat (limited to 'xlators/protocol/server/src')
-rw-r--r-- | xlators/protocol/server/src/server-helpers.c | 7 | ||||
-rw-r--r-- | xlators/protocol/server/src/server.h | 2 |
2 files changed, 6 insertions, 3 deletions
diff --git a/xlators/protocol/server/src/server-helpers.c b/xlators/protocol/server/src/server-helpers.c index 12951a798..a4055f1b8 100644 --- a/xlators/protocol/server/src/server-helpers.c +++ b/xlators/protocol/server/src/server-helpers.c @@ -964,7 +964,7 @@ gf_barrier_transmit (server_conf_t *conf, gf_barrier_payload_t *payload) if (client) lk_heal = ((server_conf_t *) client->this->private)->lk_heal; - ret = rpcsvc_submit_generic (payload->req, payload->rsp, 1, + ret = rpcsvc_submit_generic (payload->req, &payload->rsp, 1, payload->payload, payload->payload_count, payload->iobref); iobuf_unref (payload->iob); @@ -1240,6 +1240,9 @@ gf_barrier_payload (rpcsvc_request_t *req, struct iovec *rsp, { gf_barrier_payload_t *payload = NULL; + if (!rsp) + return NULL; + payload = GF_CALLOC (1, sizeof (*payload),1); if (!payload) return NULL; @@ -1247,7 +1250,7 @@ gf_barrier_payload (rpcsvc_request_t *req, struct iovec *rsp, INIT_LIST_HEAD (&payload->list); payload->req = req; - payload->rsp = rsp; + memcpy (&payload->rsp, rsp, sizeof (struct iovec)); payload->frame = frame; payload->payload = payload_orig; payload->payload_count = payloadcount; diff --git a/xlators/protocol/server/src/server.h b/xlators/protocol/server/src/server.h index 82554aee9..165058ec3 100644 --- a/xlators/protocol/server/src/server.h +++ b/xlators/protocol/server/src/server.h @@ -30,7 +30,7 @@ struct _gf_barrier_payload { rpcsvc_request_t *req; - struct iovec *rsp; + struct iovec rsp; call_frame_t *frame; struct iovec *payload; struct iobref *iobref; |