RPM: fix double free in portmapper code

rpc_run_task is guaranteed to always call ->rpc_release. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Neil Brown <neilb@suse.de> Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

RPM: fix double free in portmapper code
rpc_run_task is guaranteed to always call ->rpc_release. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Neil Brown <neilb@suse.de> Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
af2fec73 · Trond Myklebust · Greg Kroah-Hartman · 25239266 · af2fec73
Commit af2fec73 authored Feb 05, 2007 by Trond Myklebust Committed by Greg Kroah-Hartman Mar 09, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 3 deletions

net/sunrpc/pmap_clnt.c net/sunrpc/pmap_clnt.c +5 -3

No files found.
--- a/net/sunrpc/pmap_clnt.c
+++ b/net/sunrpc/pmap_clnt.c
@@ -62,7 +62,10 @@ static inline void pmap_map_free(struct portmap_args *map)

 static void pmap_map_release(void *data)
 {
-	pmap_map_free(data);
+	struct portmap_args *map = data;
+
+	xprt_put(map->pm_xprt);
+	pmap_map_free(map);
 }

 static const struct rpc_call_ops pmap_getport_ops = {
@@ -133,7 +136,7 @@ void rpc_getport(struct rpc_task *task)
 	status = -EIO;
 	child = rpc_run_task(pmap_clnt, RPC_TASK_ASYNC, &pmap_getport_ops, map);
 	if (IS_ERR(child))
-		goto bailout;
+		goto bailout_nofree;
 	rpc_put_task(child);

 	task->tk_xprt->stat.bind_count++;
@@ -222,7 +225,6 @@ static void pmap_getport_done(struct rpc_task *child, void *data)
 			child->tk_pid, status, map->pm_port);

 	pmap_wake_portmap_waiters(xprt, status);
-	xprt_put(xprt);
 }

 /**