Skip to content

Commit

Permalink
SUNRPC: Fix a double-free in rpcbind
Browse files Browse the repository at this point in the history 
It is wrong to be freeing up the rpcbind arguments if the call to
rpcb_call_async() fails, since they should already have been freed up by
rpcb_map_release().

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
  • Loading branch information
Trond Myklebust authored and Trond Myklebust committed Jul 8, 2008
1 parent 2aac05a commit 0d3a34b
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions net/sunrpc/rpcb_clnt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -365,18 +365,16 @@ void rpcb_getport_async(struct rpc_task *task)
rpc_release_client(rpcb_clnt);
if (IS_ERR(child)) {
status = -EIO;
/* rpcb_map_release() has freed the arguments */
dprintk("RPC: %5u %s: rpc_run_task failed\n",
task->tk_pid, __func__);
goto bailout;
goto bailout_nofree;
}
rpc_put_task(child);

task->tk_xprt->stat.bind_count++;
return;

bailout:
kfree(map);
xprt_put(xprt);
bailout_nofree:
rpcb_wake_rpcbind_waiters(xprt, status);
bailout_nowake:
Expand Down

0 comments on commit 0d3a34b

Please sign in to comment.