tools: Fix heap-use-after-free problem
authorAmitay Isaacs <amitay@gmail.com>
Tue, 14 Oct 2014 06:52:55 +0000 (17:52 +1100)
committerAmitay Isaacs <amitay@gmail.com>
Mon, 8 Dec 2014 11:05:25 +0000 (22:05 +1100)
Found by address sanitizer.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Oct 17 12:56:02 CEST 2014 on sn-devel-104

(Imported from commit 470af881479d1a1588dc23ef40622b4d8f006b61)

tools/ctdb.c

index e4b23b60c90f82bf3939b132ed9a74f420526dab..cd24ffe1ba8f8d090fd246beaa6fa0c89b46a0a5 100644 (file)
@@ -898,6 +898,7 @@ static int find_node_xpnn(void)
        TALLOC_CTX *mem_ctx = talloc_new(NULL);
        struct pnn_node *pnn_nodes;
        struct pnn_node *pnn_node;
+       int pnn;
 
        pnn_nodes = read_nodes_file(mem_ctx);
        if (pnn_nodes == NULL) {
@@ -908,8 +909,9 @@ static int find_node_xpnn(void)
 
        for(pnn_node=pnn_nodes;pnn_node;pnn_node=pnn_node->next) {
                if (ctdb_sys_have_ip(&pnn_node->addr)) {
+                       pnn = pnn_node->pnn;
                        talloc_free(mem_ctx);
-                       return pnn_node->pnn;
+                       return pnn;
                }
        }
 
@@ -1820,6 +1822,7 @@ find_other_host_for_public_ip(struct ctdb_context *ctdb, ctdb_sock_addr *addr)
        struct ctdb_all_public_ips *ips;
        struct ctdb_node_map *nodemap=NULL;
        int i, j, ret;
+       int pnn;
 
        ret = ctdb_ctrl_getnodemap(ctdb, TIMELIMIT(), CTDB_CURRENT_NODE, tmp_ctx, &nodemap);
        if (ret != 0) {
@@ -1845,8 +1848,9 @@ find_other_host_for_public_ip(struct ctdb_context *ctdb, ctdb_sock_addr *addr)
 
                for (j=0;j<ips->num;j++) {
                        if (ctdb_same_ip(addr, &ips->ips[j].addr)) {
+                               pnn = nodemap->nodes[i].pnn;
                                talloc_free(tmp_ctx);
-                               return nodemap->nodes[i].pnn;
+                               return pnn;
                        }
                }
                talloc_free(ips);