librados: invalid free() in rados_getxattrs_next()

An invalid free() can cause corruption when getting an object
attribute with an empty value.

Check the validity of the pointer before free(). Also move
the free() call to the start of rados_getxattrs_next() to
avoid a memory leak.

Fixes: http://tracker.ceph.com/issues/22042
Signed-off-by: Gu Zhongyan <guzhongyan@360.cn>
Gu Zhongyan 2018-02-02 18:01:05 +08:00
parent d9637b7675
commit 015736d484


@ -4281,6 +4281,10 @@ extern "C" int rados_getxattrs_next(rados_xattrs_iter_t iter,
{
tracepoint(librados, rados_getxattrs_next_enter, iter);
librados::RadosXattrsIter *it = static_cast<librados::RadosXattrsIter*>(iter);
if (it->val) {
free(it->val);
it->val = NULL;
}
if (it->i == it->attrset.end()) {
*name = NULL;
*val = NULL;
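
Review bot: The `if (it->val)` guard at the top of the function is not what prevents the invalid free. `free(NULL)` is a defined no-op, and a NULL test cannot tell a live pointer from one that was already freed. The line doing the work is `it->val = NULL;`, which ensures that a later call, including one that takes the `it->i == it->attrset.end()` branch, never releases the same buffer twice. I would drop the guard, keep the free-and-reset pair, and add a short comment saying that `it->val` holds the buffer handed out by the previous call and is released here. This also relies on `it->val` being NULL when the iterator is first constructed, which is outside this diff and worth confirming.
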
@ -4288,7 +4292,6 @@ extern "C" int rados_getxattrs_next(rados_xattrs_iter_t iter,
tracepoint(librados, rados_getxattrs_next_exit, 0, NULL, NULL, 0);
return 0;
}
free(it->val);
const std::string &s(it->i->first);
*name = s.c_str();
bufferlist &bl(it->i->second);
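
Review bot: With `free(it->val);` removed from its old position after the end-of-iteration check, correctness now depends on the code following `bufferlist &bl(it->i->second);` always leaving `it->val` either NULL or pointing at a fresh allocation, and the hunk is cut off before that assignment. For the empty-value case named in the commit message, please confirm that this path neither skips the assignment nor stores a pointer that did not come from the allocator, and state in the function's documentation what `*val` is for a zero-length value. A regression test that iterates over an object with an empty-valued xattr would pin this down; none is visible in this change.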