From 9fc6cf898bcb7dc0f3f671e734678616722d0721 Mon Sep 17 00:00:00 2001 From: Raghavendra Bhat Date: Mon, 3 Dec 2018 11:51:52 -0500 Subject: rpc: check if fini is there before calling it The rpc_transport_t structure is allocated and filled in the rpc_transport_load function. If filling the fileds of the rpc structure fails, then in the failure handling the structure is freed by rpc_transport_cleanup. There, it unconditionally calls fini. But, if the failure handling was invoked because of any failure in between the allocation of rpc_transport_t and filling the transport->fini (including the failure to fill fini ()), then rpc_transport_cleanup can lead to a segfault. Change-Id: I8be9b84cd6b19933c559c9736198a6e440373f68 fixes: bz#1654917 Signed-off-by: Raghavendra Bhat --- rpc/rpc-lib/src/rpc-transport.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'rpc/rpc-lib/src/rpc-transport.c') diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c index 8bb6b595175..7e70b5dfdb1 100644 --- a/rpc/rpc-lib/src/rpc-transport.c +++ b/rpc/rpc-lib/src/rpc-transport.c @@ -165,7 +165,9 @@ rpc_transport_cleanup(rpc_transport_t *trans) if (!trans) return; - trans->fini(trans); + if (trans->fini) + trans->fini(trans); + GF_FREE(trans->name); if (trans->xl) -- cgit