From 955751ad360352063d376093f7226c6f93419a50 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Mon, 14 Nov 2011 15:12:52 +0100 Subject: Fix double free if reconnection races with request sending Patch by E. Kuemmerle --- ChangeLog | 5 +++++ sshfs.c | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5d25cbd..66ca1e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2011-11-14 Miklos Szeredi + + * Fix double free if reconnection races with request sending. + Patch by E. Kuemmerle + 2011-10-21 Miklos Szeredi * Remove "-oPreferredAuthentications" from ssh options if the diff --git a/sshfs.c b/sshfs.c index 6874e34..109d266 100644 --- a/sshfs.c +++ b/sshfs.c @@ -1752,9 +1752,16 @@ static int sftp_request_send(uint8_t type, struct iovec *iov, size_t count, err = -EIO; if (sftp_send_iov(type, id, iov, count) == -1) { + gboolean rmed; + pthread_mutex_lock(&sshfs.lock); - g_hash_table_remove(sshfs.reqtab, GUINT_TO_POINTER(id)); + rmed = g_hash_table_remove(sshfs.reqtab, GUINT_TO_POINTER(id)); pthread_mutex_unlock(&sshfs.lock); + + if (!rmed && !want_reply) { + /* request already freed */ + return err; + } goto out; } if (want_reply) @@ -1775,12 +1782,13 @@ out: static int sftp_request_iov(uint8_t type, struct iovec *iov, size_t count, uint8_t expect_type, struct buffer *outbuf) { + int err; struct request *req; - sftp_request_send(type, iov, count, NULL, NULL, expect_type, NULL, - &req); + err = sftp_request_send(type, iov, count, NULL, NULL, expect_type, NULL, + &req); if (expect_type == 0) - return 0; + return err; return sftp_request_wait(req, type, expect_type, outbuf); } -- cgit v1.2.3