From 7b642173c7cd7b6b7130214c1a940501736abbf0 Mon Sep 17 00:00:00 2001
From: Andrew Deason
Date: Fri, 28 Dec 2012 12:58:33 -0500
Subject: [PATCH] viced: Avoid dangling uuid hash table entry
Currently we add a given host to the uuid hash table, then call RXAFS_InitCallBackState3, and then only initialize the host->interface structure if the ICBS3 call succeeded. If the ICBS3 call fails, we have added a host to the uuid hash table, but the host structure does not contain that uuid. If the host is then deleted, we will not remove the host from the uuid hash table (since host->interface is NULL), and so the uuid hash table entry will still point to the freed host. If that host is then later looked up via that uuid, we can reference a freed host, which can cause all kinds of undefined behavior. So instead, add the host to the uuid hash table at the same time that we initialize the host->interface structure, inside initInterfaceAddr_r.
FIXES 131277
Change-Id: Ib2ca82cc498877ec896ab1806cf675f1271ec214
Reviewed-on: http://gerrit.openafs.org/8846
Reviewed-by: Derrick Brashear
Tested-by: BuildBot
---
 src/viced/host.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/viced/host.c b/src/viced/host.c
index 654e0a4deb..e65dee0b02 100644
--- a/src/viced/host.c
+++ b/src/viced/host.c
@@ -2127,7 +2127,6 @@ h_GetHost_r(struct rx_connection *tcon)
 	    /* the new host is held and locked */
 	} else {
 	    /* This really is a new host */
-	    h_AddHostToUuidHashTable_r(&identP->uuid, host);
 	    cb_conn = host->callback_rxcon;
 	    rx_GetConnection(cb_conn);
 	    H_UNLOCK;
@@ -4123,6 +4122,8 @@ initInterfaceAddr_r(struct host *host, struct interfaceAddr *interf)
     opr_Assert(!host->interface);
     host->interface = interface;
+    h_AddHostToUuidHashTable_r(&interface->uuid, host);
+
     if (LogLevel >= 125) {
 	afsUUID_to_string(&interface->uuid, uuidstr, 127);