]> git.decadent.org.uk Git - nfs-utils.git/blobdiff - utils/statd/sm-notify.c
projects / nfs-utils.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sm-notify command: fix a use-after-free bug
[nfs-utils.git] / utils / statd / sm-notify.c
diff --git a/utils/statd/sm-notify.c b/utils/statd/sm-notify.c
index d8e2c011701b05a539ba4c65ea83545541204542..d58e0be421859ed6c59880e917d53a53a874b877 100644 (file)
--- a/utils/statd/sm-notify.c
+++ b/utils/statd/sm-notify.c
@@ -131,6 +131,17 @@ static struct addrinfo *smn_lookup(const sa_family_t family, const char *name)
        return ai;
 }
 
        return ai;
 }
 
+static void smn_forget_host(struct nsm_host *host)
+{
+       unlink(host->path);
+       free(host->path);
+       free(host->name);
+       if (host->ai)
+               freeaddrinfo(host->ai);
+
+       free(host);
+}
+
 int
 main(int argc, char **argv)
 {
 int
 main(int argc, char **argv)
 {
@@ -340,13 +351,8 @@ notify(void)
                        hp = hosts;
                        hosts = hp->next;
 
                        hp = hosts;
                        hosts = hp->next;
 
-                       if (notify_host(sock, hp)){
-                               unlink(hp->path);
-                               free(hp->name);
-                               free(hp->path);
-                               free(hp);
+                       if (notify_host(sock, hp))
                                continue;
                                continue;
-                       }
 
                        /* Set the timeout for this call, using an
                           exponential timeout strategy */
 
                        /* Set the timeout for this call, using an
                           exponential timeout strategy */
@@ -401,6 +407,7 @@ notify_host(int sock, struct nsm_host *host)
                        nsm_log(LOG_WARNING,
                                "%s doesn't seem to be a valid address,"
                                " skipped", host->name);
                        nsm_log(LOG_WARNING,
                                "%s doesn't seem to be a valid address,"
                                " skipped", host->name);
+                       smn_forget_host(host);
                        return 1;
                }
        }
                        return 1;
                }
        }
@@ -545,11 +552,7 @@ recv_reply(int sock)
                if (p <= end) {
                        nsm_log(LOG_DEBUG, "Host %s notified successfully",
                                        hp->name);
                if (p <= end) {
                        nsm_log(LOG_DEBUG, "Host %s notified successfully",
                                        hp->name);
-                       unlink(hp->path);
-                       free(hp->name);
-                       free(hp->path);
-                       free(hp);
-                       freeaddrinfo(hp->ai);
+                       smn_forget_host(hp);
                        return;
                }
        }
                        return;
                }
        }
Debian package of nfs-utils