libiscsi: fix dangling pointer for outqueue_current

The outqueue_current PDU might also be in waitpdu if it does not have ISCSI_PDU_DELETE_WHEN_SENT. outqueue_current is freed after the waitpdu list (for reconnect or defer_reconnect), or sometimes not considered at all (for cancel), and this can cause a dangling pointer. Keep outqueue_current up to date when a PDU is freed. A bit hacky, but it avoids touching code all over the place. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-04-02 12:44:04 +02:00
parent 4e129d385c
commit ce0723320c
1 changed files with 4 additions and 0 deletions
--- a/lib/pdu.c
+++ b/lib/pdu.c
@@ -172,6 +172,10 @@ iscsi_free_pdu(struct iscsi_context *iscsi, struct iscsi_pdu *pdu)
 	}
 	pdu->indata.data = NULL;

+	if (iscsi->outqueue_current == pdu) {
+		iscsi->outqueue_current = NULL;
+	}
+
 	iscsi_sfree(iscsi, pdu);
 }