[NFS-Ganesha-Devel] [XS] Change in ...nfs-ganesha[next]: Fix use-after-free in rados_kv_connect error paths

Oscar Ou has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1237890?usp=email ) Change subject: Fix use-after-free in rados_kv_connect error paths ...................................................................... Fix use-after-free in rados_kv_connect error paths rados_kv_connect() calls rados_shutdown(clnt) in its error paths but does not reset the file-scope static 'clnt' pointer to NULL. When the caller (e.g. rados_cluster_init) subsequently invokes rados_kv_shutdown() for cleanup, it sees a non-NULL clnt and calls rados_shutdown() again on the already-freed handle, causing a use-after-free crash in pthread_mutex_lock. Also fix rados_ioctx_create failure path which fell through to rados_ioctx_set_namespace() with an invalid io_ctx pointer. Change-Id: Id9a8ef55e15bda21d43ab591ca9318884fed49bc Signed-off-by: Oscar Ou <oscarou(a)synology.com&gt; --- M src/SAL/recovery/recovery_rados_kv.c 1 file changed, 5 insertions(+), 0 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/90/1237890/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1237890?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: Id9a8ef55e15bda21d43ab591ca9318884fed49bc Gerrit-Change-Number: 1237890 Gerrit-PatchSet: 1 Gerrit-Owner: Oscar Ou <oscarou(a)synology.com&gt;