ceph: fix xattr dangling pointer / double free

If we use the xattr_blob, clear the pointer so we don't release the memory at the bottom of the fuction. Reported-by: Henry C Chang <henry_c_chang@tcloudcomputing.com> Signed-off-by: Sage Weil <sage@newdream.net>
author: Sage Weil <sage@newdream.net> 2010-04-29 12:28:11 -0400
committer: Sage Weil <sage@newdream.net> 2010-05-17 18:25:25 -0400
commit: a6424e48c8d54a5795430b07c4487f1ed280df4e (patch)
tree: 34731c9cb1df3cfe885d4526ce79ca50c50b7b4a
parent: 9dd4658db1be5ca92c2ed2fd7a100d973125d9c5 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index ef917232cf37..913cafd70cd0 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -619,6 +619,7 @@ static int fill_inode(struct inode *inode,
                        memcpy(ci->i_xattrs.blob->vec.iov_base,
                               iinfo->xattr_data, iinfo->xattr_len);
                ci->i_xattrs.version = le64_to_cpu(info->xattr_version);
+                xattr_blob = NULL;
        }
        inode->i_mapping->a_ops = &ceph_aops;
author	Sage Weil <sage@newdream.net>	2010-04-29 12:28:11 -0400
committer	Sage Weil <sage@newdream.net>	2010-05-17 18:25:25 -0400
commit	a6424e48c8d54a5795430b07c4487f1ed280df4e (patch)
tree	34731c9cb1df3cfe885d4526ce79ca50c50b7b4a
parent	9dd4658db1be5ca92c2ed2fd7a100d973125d9c5 (diff)

diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c index ef917232cf37..913cafd70cd0 100644 --- a/fs/ceph/inode.c +++ b/fs/ceph/inode.c
@@ -619,6 +619,7 @@ static int fill_inode(struct inode *inode,
619	memcpy(ci->i_xattrs.blob->vec.iov_base,	619	memcpy(ci->i_xattrs.blob->vec.iov_base,
620	iinfo->xattr_data, iinfo->xattr_len);	620	iinfo->xattr_data, iinfo->xattr_len);
621	ci->i_xattrs.version = le64_to_cpu(info->xattr_version);	621	ci->i_xattrs.version = le64_to_cpu(info->xattr_version);
		622	xattr_blob = NULL;
622	}	623	}
623		624
624	inode->i_mapping->a_ops = &ceph_aops;	625	inode->i_mapping->a_ops = &ceph_aops;