gluster/glusterfs
1
0
Fork 0
mirror of https://github.com/gluster/glusterfs.git synced 2026-02-06 00:49:30 +01:00
Code Issues Releases Wiki Activity

api/glfs: Fix use after free in readdir (#4477)

Browse Source 
There is a code path in glfs readdir where we might end up
using a free'ed memory. A possible case is when we use the
fd to read the offset 0 after reading the content at least
once, and the during the second time, the readdir return 0,
probably due to the contents got deleted.

Change-Id: I08fa6cc9b924b90597ef4498e081cae9339fbd6a
Fixes: #3955

Signed-off-by: Mohammed Rafi KC <rafi.kavungal@iternity.com>
This commit is contained in:
Rafi KC
2025-02-18 15:34:11 +05:30
committed by GitHub
parent 909a01f351
commit 490e018484
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/src/glfs-fops.c
View File

@@ -48,6 +48,7 @@ glfs_mark_glfd_for_deletion(struct glfs_fd *glfd)
LOCK(&glfd->lock);
{
glfd->state = GLFD_CLOSE;
glfd->next = NULL;
}
UNLOCK(&glfd->lock);
@@ -4014,6 +4015,11 @@ glfd_entry_refresh(struct glfs_fd *glfd, int plus)
}
list_splice_init(&glfd->entries, &old.list);
/* If glfd->next is non null means, this entry is from the old
* list, there is no point in keeping the free'ed data. Hence
* set to NULL;
*/
glfd->next = NULL;
list_splice_init(&entries.list, &glfd->entries);
/* spurious errno is dangerous for glfd_entry_next() */