summaryrefslogtreecommitdiffstats
path: root/libglusterfs
diff options
context:
space:
mode:
authorRaghavendra G <rgowdapp@redhat.com>2016-01-14 16:11:27 +0530
committerRaghavendra G <rgowdapp@redhat.com>2016-01-17 21:25:20 -0800
commitc862580c66ed7d2a8dc96b9051e5df86e1aae0d0 (patch)
tree1ef6a6d4a09aa7b26a9e9b34394c4b7262dd2673 /libglusterfs
parent7fa96199d669423d8ed2d2271fd603d641e603b8 (diff)
protocol/server: Fix memory corruption during client-table-expand.
gf_client_clienttable_expand frees up old entries after expanding. So, cliententry should be reassigned to a free slot in new array of cliententries. Earlier it used to point to a slot in oldentries resulting in a use-after-free bug. Thanks to Pranith for the assistance provided. Change-Id: Iabe40c7df475471a7df7bccb302aef496ded3f1c BUG: 1298498 Signed-off-by: Raghavendra G <rgowdapp@redhat.com> Reviewed-on: http://review.gluster.org/13241 Smoke: Gluster Build System <jenkins@build.gluster.com> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> CentOS-regression: Gluster Build System <jenkins@build.gluster.com>
Diffstat (limited to 'libglusterfs')
-rw-r--r--libglusterfs/src/client_t.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/libglusterfs/src/client_t.c b/libglusterfs/src/client_t.c
index 1c291518564..8cf14865665 100644
--- a/libglusterfs/src/client_t.c
+++ b/libglusterfs/src/client_t.c
@@ -265,6 +265,7 @@ gf_client_get (xlator_t *this, struct rpcsvc_auth_data *cred, char *client_uid)
errno = result;
goto unlock;
}
+ cliententry = &clienttable->cliententries[client->tbl_index];
cliententry->next_free = clienttable->first_free;
}
cliententry->client = client;