viced: Avoid dangling uuid hash table entry
authorAndrew Deason <adeason@sinenomine.net>
Fri, 28 Dec 2012 17:58:33 +0000 (12:58 -0500)
committerStephan Wiesand <stephan.wiesand@desy.de>
Sat, 30 Mar 2013 17:39:11 +0000 (10:39 -0700)
Currently we add a given host to the uuid hash table, then call
RXAFS_InitCallBackState3, and then only initialize the host->interface
structure if the ICBS3 call succeeded.

If the ICBS3 call fails, we have added a host to the uuid hash table,
but the host structure does not contain that uuid. If the host is then
deleted, we will not remove the host from the uuid hash table (since
host->interface is NULL), and so the uuid hash table entry will still
point to the freed host. If that host is then later looked up via that
uuid, we can reference a freed host, which can cause all kinds of
undefined behavior.

So instead, add the host to the uuid hash table at the same time that
we initialize the host->interface structure, inside
initInterfaceAddr_r.

FIXES 131277

Reviewed-on: http://gerrit.openafs.org/8846
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 7b642173c7cd7b6b7130214c1a940501736abbf0)

Change-Id: I838b55244a9745dd07b7d633cb3091414162b0d5
Reviewed-on: http://gerrit.openafs.org/8868
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/viced/host.c

index 71cad29b614d72573325b606f1523006508d1518..d79e7d838db0ed711f419f07f2d31f9041121678 100644 (file)
@@ -2184,7 +2184,6 @@ h_GetHost_r(struct rx_connection *tcon)
                    /* the new host is held and locked */
                } else {
                    /* This really is a new host */
-                   h_AddHostToUuidHashTable_r(&identP->uuid, host);
                    cb_conn = host->callback_rxcon;
                    rx_GetConnection(cb_conn);
                    H_UNLOCK;
@@ -4185,6 +4184,8 @@ initInterfaceAddr_r(struct host *host, struct interfaceAddr *interf)
     osi_Assert(!host->interface);
     host->interface = interface;
 
+    h_AddHostToUuidHashTable_r(&interface->uuid, host);
+
     if (LogLevel >= 125) {
        afsUUID_to_string(&interface->uuid, uuidstr, 127);