aboutsummaryrefslogtreecommitdiff
path: root/sshfs.c
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@suse.cz>2011-11-14 15:12:52 +0100
committerMiklos Szeredi <mszeredi@suse.cz>2011-11-14 15:12:52 +0100
commit955751ad360352063d376093f7226c6f93419a50 (patch)
tree29754c916459a63b0c5dfa276039e85336848e0f /sshfs.c
parentb5f0c128f57f75575429e5cc037fa5833011f7cf (diff)
downloadsshfs-955751ad360352063d376093f7226c6f93419a50.tar
sshfs-955751ad360352063d376093f7226c6f93419a50.tar.gz
sshfs-955751ad360352063d376093f7226c6f93419a50.tar.bz2
sshfs-955751ad360352063d376093f7226c6f93419a50.zip
Fix double free if reconnection races with request sending
Patch by E. Kuemmerle
Diffstat (limited to 'sshfs.c')
-rw-r--r--sshfs.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/sshfs.c b/sshfs.c
index 6874e34..109d266 100644
--- a/sshfs.c
+++ b/sshfs.c
@@ -1752,9 +1752,16 @@ static int sftp_request_send(uint8_t type, struct iovec *iov, size_t count,
err = -EIO;
if (sftp_send_iov(type, id, iov, count) == -1) {
+ gboolean rmed;
+
pthread_mutex_lock(&sshfs.lock);
- g_hash_table_remove(sshfs.reqtab, GUINT_TO_POINTER(id));
+ rmed = g_hash_table_remove(sshfs.reqtab, GUINT_TO_POINTER(id));
pthread_mutex_unlock(&sshfs.lock);
+
+ if (!rmed && !want_reply) {
+ /* request already freed */
+ return err;
+ }
goto out;
}
if (want_reply)
@@ -1775,12 +1782,13 @@ out:
static int sftp_request_iov(uint8_t type, struct iovec *iov, size_t count,
uint8_t expect_type, struct buffer *outbuf)
{
+ int err;
struct request *req;
- sftp_request_send(type, iov, count, NULL, NULL, expect_type, NULL,
- &req);
+ err = sftp_request_send(type, iov, count, NULL, NULL, expect_type, NULL,
+ &req);
if (expect_type == 0)
- return 0;
+ return err;
return sftp_request_wait(req, type, expect_type, outbuf);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-19 09:59:49 +0000