]> git.decadent.org.uk Git - nfs-utils.git/blobdiff - utils/statd/sm-notify.c
projects / nfs-utils.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sm-notify command: fix a use-after-free bug
[nfs-utils.git] / utils / statd / sm-notify.c
diff --git a/utils/statd/sm-notify.c b/utils/statd/sm-notify.c
index 7a7ae1ac59b00685a9ff29381ae83e5283e58fc6..d58e0be421859ed6c59880e917d53a53a874b877 100644 (file)
--- a/utils/statd/sm-notify.c
+++ b/utils/statd/sm-notify.c
@@ -131,6 +131,17 @@ static struct addrinfo *smn_lookup(const sa_family_t family, const char *name)
        return ai;
 }
 
+static void smn_forget_host(struct nsm_host *host)
+{
+       unlink(host->path);
+       free(host->path);
+       free(host->name);
+       if (host->ai)
+               freeaddrinfo(host->ai);
+
+       free(host);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -193,10 +204,11 @@ usage:            fprintf(stderr,
        openlog("sm-notify", LOG_PID, LOG_DAEMON);
 
        if (strcmp(_SM_BASE_PATH, BASEDIR) == 0) {
-               if (record_pid() == 0 && force == 0 && opt_update_state == 1)
+               if (record_pid() == 0 && force == 0 && opt_update_state == 1) {
                        /* already run, don't try again */
                        nsm_log(LOG_NOTICE, "Already notifying clients; Exiting!");
                        exit(0);
+               }
        }
 
        if (opt_srcaddr) {
@@ -339,13 +351,8 @@ notify(void)
                        hp = hosts;
                        hosts = hp->next;
 
-                       if (notify_host(sock, hp)){
-                               unlink(hp->path);
-                               free(hp->name);
-                               free(hp->path);
-                               free(hp);
+                       if (notify_host(sock, hp))
                                continue;
-                       }
 
                        /* Set the timeout for this call, using an
                           exponential timeout strategy */
@@ -400,6 +407,7 @@ notify_host(int sock, struct nsm_host *host)
                        nsm_log(LOG_WARNING,
                                "%s doesn't seem to be a valid address,"
                                " skipped", host->name);
+                       smn_forget_host(host);
                        return 1;
                }
        }
@@ -544,11 +552,7 @@ recv_reply(int sock)
                if (p <= end) {
                        nsm_log(LOG_DEBUG, "Host %s notified successfully",
                                        hp->name);
-                       unlink(hp->path);
-                       free(hp->name);
-                       free(hp->path);
-                       free(hp);
-                       freeaddrinfo(hp->ai);
+                       smn_forget_host(hp);
                        return;
                }
        }
Debian package of nfs-utils