liyinshu has uploaded this change for review.

Fix crash for use after free of res_compound4_extended when replaying request

This is caused by commit 5f06bd1c40b89c726ccb0f0284caace66d12a1d0, which first
calls release_nfs4_res_compound(data->res->res_compound4_extended), then assigns
res_SEQUENCE4->sr_status with NFS4_OK. Because res_SEQUENCE4 is in
data->res->res_compound4_extended, a heap use after free happens.
Actually we do not need to assign res_SEQUENCE4->sr_status with NFS4_OK
for a replay request, because it will come from slot->cached_result.
Even before commit 5f06bd1c40b89c726ccb0f0284caace66d12a1d0,
res_SEQUENCE4 would also be freed in complete_op by release_nfs4_res_compound,
so we did not need to assign the value of res_SEQUENCE4.

Change-Id: I9e3f4823e23718bf421c5237cc78a878b6f3014e
Signed-off-by: liyinshu <liyinshu@bytedance.com>
---
M src/Protocols/NFS/nfs4_op_sequence.c
1 file changed, 20 insertions(+), 1 deletion(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/05/548005/1

Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I9e3f4823e23718bf421c5237cc78a878b6f3014e
Gerrit-Change-Number: 548005
Gerrit-PatchSet: 1
Gerrit-Owner: liyinshu <liyinshu@bytedance.com>
Gerrit-MessageType: newchange
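
The ordering problem described in the commit message, as an added example in C that is not nfs-ganesha code and not part of this change. It is a simplified model: every type and function name, the reference count, and the status value 7 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified model; not nfs-ganesha's real types or code. */
struct seq_res { int sr_status; };
struct compound_res { int refcnt; struct seq_res seq; };
struct slot { struct compound_res *cached_result; };
struct request { struct compound_res *res; };

static struct compound_res *compound_new(int status)
{
    struct compound_res *c = calloc(1, sizeof(*c));
    if (c == NULL)
        abort();
    c->refcnt = 1;
    c->seq.sr_status = status;
    return c;
}

/* Drop one reference; the memory is freed when the last one goes. */
static void compound_release(struct compound_res *c)
{
    if (--c->refcnt == 0)
        free(c);
}

/* Replay path with the safe ordering. Returns the status sent to the client. */
static int handle_replay(struct request *req, struct slot *slot)
{
    struct seq_res *seq = &req->res->seq; /* alias into the fresh response */

    compound_release(req->res);  /* last reference: 'seq' now dangles */
    seq = NULL;                  /* retire the alias together with its owner */
    /* The defect class described above is a store such as
     * `seq->sr_status = 0;` at this point, i.e. into freed heap memory. */
    slot->cached_result->refcnt++;
    req->res = slot->cached_result;
    (void)seq;
    return req->res->seq.sr_status; /* status comes from the cached reply */
}

int main(void)
{
    struct slot slot = { compound_new(7) }; /* constructed status value */
    struct request req = { compound_new(0) };

    printf("replayed status: %d\n", handle_replay(&req, &slot));
    compound_release(req.res);            /* request's reference */
    compound_release(slot.cached_result); /* slot's reference */
    return 0;
}
```

Building a variant that keeps the stale store with `-fsanitize=address` makes the sanitizer report a heap-use-after-free at that line, which is a quick way to confirm this class of bug in a test build.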