summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEmmanuel Dreyfus <manu@netbsd.org>2015-04-08 10:49:07 +0200
committerVijay Bellur <vbellur@redhat.com>2015-04-11 18:11:11 +0000
commitd10bd788fada54ad095e19b5aedf949e23fdabb2 (patch)
tree3cace28691af65cd2ffea104e6f36c80f7cf09e7
parent169ea3e4939b79e5f658d44ac190221324a8967f (diff)
crypt xlator: Fix memory coruption after free
crypt xlator allocated local memory through mem_get0(), but code called through STACK_DESTROY()/FRAME_DESTROY() does not expect memory to be allocated that way: it will use GF_FREE() even for data allocated by mem_get0(), which should be given the mem_put() treatment. As a result, allocating using mem_get0(), while relying on FRAME_DESTROY() cleanup led to memory corruption. Using GF_CALLOC() instead of mem_get0() sets memory allocation on par with cleanup code, and crypt.t can pass on NetBSD. The initial patch was crafted by Raghavendra Talur. BUG: 1129939 Change-Id: Ib71b4b57f8d1bb782f950e3c8fa74a4f7e10946e Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/10109 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
-rw-r--r--xlators/encryption/crypt/src/crypt-mem-types.h1
-rw-r--r--xlators/encryption/crypt/src/crypt.c2
2 files changed, 2 insertions, 1 deletions
diff --git a/xlators/encryption/crypt/src/crypt-mem-types.h b/xlators/encryption/crypt/src/crypt-mem-types.h
index 2eab921fcba..1954c579423 100644
--- a/xlators/encryption/crypt/src/crypt-mem-types.h
+++ b/xlators/encryption/crypt/src/crypt-mem-types.h
@@ -24,6 +24,7 @@ enum gf_crypt_mem_types_ {
gf_crypt_mt_key,
gf_crypt_mt_iovec,
gf_crypt_mt_char,
+ gf_crypt_mt_local,
gf_crypt_mt_end,
};
diff --git a/xlators/encryption/crypt/src/crypt.c b/xlators/encryption/crypt/src/crypt.c
index 2c296061ff7..5387f84303c 100644
--- a/xlators/encryption/crypt/src/crypt.c
+++ b/xlators/encryption/crypt/src/crypt.c
@@ -48,7 +48,7 @@ static crypt_local_t *crypt_alloc_local(call_frame_t *frame, xlator_t *this,
{
crypt_local_t *local = NULL;
- local = mem_get0(this->local_pool);
+ local = GF_CALLOC (1, sizeof (*local), gf_crypt_mt_local);
if (!local) {
gf_log(this->name, GF_LOG_ERROR, "out of memory");
return NULL;