Return-Path: Received: from mx1.redhat.com ([209.132.183.28]:46814 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729073AbeIFTAF (ORCPT ); Thu, 6 Sep 2018 15:00:05 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D09DF8666D for ; Thu, 6 Sep 2018 14:24:18 +0000 (UTC) Subject: Re: [nfs-utils PATCH] statd: fix use-after-free in monitor list if insertion fails To: Frank Sorenson , linux-nfs@vger.kernel.org References: From: Steve Dickson Message-ID: <7d2ce33d-8f08-6a15-b47f-824554477eb7@RedHat.com> Date: Thu, 6 Sep 2018 10:24:16 -0400 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Sender: linux-nfs-owner@vger.kernel.org List-ID: On 09/01/2018 02:07 AM, Frank Sorenson wrote: > If nsm_insert_monitored_host() fails while saving the record to > stable storage, we can't just assume the entry was new. Existing > records must be removed from the list before being freed. > > Signed-off-by: Frank Sorenson Committed.... steved. > > diff --git a/utils/statd/monitor.c b/utils/statd/monitor.c > index 45c4346..9400048 100644 > --- a/utils/statd/monitor.c > +++ b/utils/statd/monitor.c > @@ -197,7 +197,7 @@ sm_mon_1_svc(struct mon *argp, struct svc_req *rqstp) > > if (!nsm_insert_monitored_host(dnsname, > (struct sockaddr *)(char *)&my_addr, argp)) { > - nlist_free(NULL, clnt); > + nlist_free(existing ? &rtnl : NULL, clnt); > goto failure; > } > >
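Review bot: In the failure branch after `nsm_insert_monitored_host()`, the new call `nlist_free(existing ? &rtnl : NULL, clnt);` depends on `existing` being set exactly when `clnt` is already linked into `rtnl`, and nothing in the hunk states that. A one-line comment above the call, saying that an existing entry must be unlinked from `rtnl` before it is freed (as the commit message puts it), would keep a later cleanup from reverting to the `NULL` form and reintroducing the use-after-free. Only this one call site is visible here, so it is also worth confirming that any other path in `sm_mon_1_svc()` that reaches `failure` with an already-linked `clnt` unlinks it the same way.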