From ce0723320cf485ffce4e497d6e0ca30946c83580 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Wed, 2 Apr 2014 12:44:04 +0200
Subject: [PATCH] libiscsi: fix dangling pointer for outqueue_current

The outqueue_current PDU might also be in waitpdu if it does not have ISCSI_PDU_DELETE_WHEN_SENT. outqueue_current is freed after the waitpdu list (for reconnect or defer_reconnect), or sometimes not considered at all (for cancel), and this can cause a dangling pointer.

Keep outqueue_current up to date when a PDU is freed. A bit hacky, but it avoids touching code all over the place.

Signed-off-by: Paolo Bonzini
---
 lib/pdu.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/pdu.c b/lib/pdu.c
index 292e6e5..66a24e8 100644
--- a/lib/pdu.c
+++ b/lib/pdu.c
@@ -172,6 +172,10 @@ iscsi_free_pdu(struct iscsi_context *iscsi, struct iscsi_pdu *pdu)
 	}
 	pdu->indata.data = NULL;
+	if (iscsi->outqueue_current == pdu) {
+		iscsi->outqueue_current = NULL;
+	}
+
 	iscsi_sfree(iscsi, pdu);
 }
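Review bot: The added `if (iscsi->outqueue_current == pdu)` guard carries no comment, and the reason a PDU being freed can still be the current outgoing one lives only in the commit message; put it next to the code, e.g. `/* pdu may still be outqueue_current when freed via waitpdu (no ISCSI_PDU_DELETE_WHEN_SENT), as on reconnect or cancel; clear it so the send path never touches freed memory */` above the check. The guard only drops the `outqueue_current` pointer: if the freed PDU is still linked in the outqueue list itself, that list entry would dangle exactly as the pointer did, so it is worth confirming that every caller unlinks the PDU before `iscsi_free_pdu` (not visible in this hunk). If the PDU was partially written when it is freed, nulling the pointer presumably leaves the peer expecting the rest of that PDU; whether the reconnect and cancel paths close the socket in that case should be checked. `iscsi_free_pdu` begins outside the hunk.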