Calling create twice on the same port results in the 2nd create failing with a "connection already exists" message. However, the fcm_cli_create function still sets the sock_reply pointer to the reply sockinfo structure. On return to the caller, the reply pointer is freed because the create returns an error code. The invalid sock_reply pointer is then freed again in fcm_handle_changes, resulting in corruption.
The fix is to set sock_reply only on a successful create. Signed-off-by: Nithin Nayak Sujir <nsu...@broadcom.com> --- fcoemon.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fcoemon.c b/fcoemon.c index fd8cd1e..7b191f7 100644 --- a/fcoemon.c +++ b/fcoemon.c @@ -2921,9 +2921,9 @@ static enum fcoe_status fcm_cli_create(char *ifname, goto out; rc = SUCCESS; + p->sock_reply = *r; out: - p->sock_reply = *r; return rc; } -- 1.7.1 _______________________________________________ devel mailing list devel@open-fcoe.org https://lists.open-fcoe.org/mailman/listinfo/devel
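Review bot: on every path that reaches `out:` without passing `rc = SUCCESS;`, `p->sock_reply` now keeps whatever value it held before fcm_cli_create was called, so the double free is only closed if that field is guaranteed to be NULL (or otherwise not a freed pointer) on entry. Please confirm that, or clear the field explicitly on the failure path, since the commit message says fcm_handle_changes frees it later. It would also help to add a short comment at `p->sock_reply = *r;` stating the ownership rule the fix relies on: the caller frees the reply when create returns an error, and fcm_handle_changes frees it only after a successful create. Without that comment, the next person to touch the `out:` label could easily move the assignment back.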