This issue was introduced via patch "pdu: introduce ISCSI_PDU_CORK_WHEN_SENT"
on June 13, 2014 (commit 99585b6996).

Valgrind reported this use-after-free as follows:

Invalid read of size 4
at 0x5267606: iscsi_write_to_socket (socket.c:721)
by 0x5267A72: iscsi_service (socket.c:823)
by 0x526827C: event_loop (sync.c:67)
by 0x52698A4: iscsi_compareandwrite_sync (sync.c:823)
by 0x408111: compareandwrite (iscsi-support.c:1752)
by 0x4139E2: test_compareandwrite_simple (test_compareandwrite_simple.c:88)
by 0x503D260: ??? (in /usr/lib64/libcunit.so.1.0.1)
by 0x503D578: ??? (in /usr/lib64/libcunit.so.1.0.1)
by 0x503D8B5: CU_run_all_tests (in /usr/lib64/libcunit.so.1.0.1)
by 0x4046C6: main (iscsi-test-cu.c:1241)
Address 0x639f258 is 8 bytes inside a block of size 256 free'd
at 0x4C291E7: free (vg_replace_malloc.c:473)
by 0x525321B: iscsi_free (init.c:68)
by 0x52532F0: iscsi_sfree (init.c:110)
by 0x5257AD9: iscsi_free_pdu (pdu.c:179)
by 0x5267601: iscsi_write_to_socket (socket.c:719)
by 0x5267A72: iscsi_service (socket.c:823)
by 0x526827C: event_loop (sync.c:67)
by 0x52698A4: iscsi_compareandwrite_sync (sync.c:823)
by 0x408111: compareandwrite (iscsi-support.c:1752)
by 0x4139E2: test_compareandwrite_simple (test_compareandwrite_simple.c:88)
by 0x503D260: ??? (in /usr/lib64/libcunit.so.1.0.1)
by 0x503D578: ??? (in /usr/lib64/libcunit.so.1.0.1)

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Cc: Peter Lieven <pl@kamp.de>
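
The trace above shows a PDU freed at socket.c:719 and a 4-byte field of the same block read two lines later. The following is an added example, not libiscsi code and not part of the original commit: it reproduces that ordering bug next to the corrected ordering. All struct, function and macro names are hypothetical, and it assumes the field read after the free is a flags word tested for a cork-when-sent bit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PDU_CORK_WHEN_SENT 0x01u /* hypothetical stand-in for the flag named in the commit */

struct pdu { struct pdu *next; uint32_t flags; };
struct ctx { struct pdu *outqueue; int is_corked; int freed; };

void free_pdu(struct ctx *c, struct pdu *p) { c->freed++; free(p); }

/* Buggy ordering, kept for comparison and never called here:
 * the flags word is read after the block has gone back to the allocator. */
void pdu_sent_buggy(struct ctx *c, struct pdu *p)
{
    c->outqueue = p->next;
    free_pdu(c, p);
    if (p->flags & PDU_CORK_WHEN_SENT) /* use-after-free: invalid 4-byte read */
        c->is_corked = 1;
}

/* Corrected ordering: copy what is needed out of the PDU, then free it. */
void pdu_sent_fixed(struct ctx *c, struct pdu *p)
{
    int cork = (p->flags & PDU_CORK_WHEN_SENT) != 0;
    c->outqueue = p->next;
    free_pdu(c, p);
    if (cork)
        c->is_corked = 1;
}

/* Append a PDU with the given flags to the tail of the out queue. */
void push(struct ctx *c, uint32_t flags)
{
    struct pdu *p = calloc(1, sizeof(*p)), **tail = &c->outqueue;
    if (!p) abort();
    p->flags = flags;
    while (*tail) tail = &(*tail)->next;
    *tail = p;
}

/* Complete queued PDUs until the queue is empty or corked; returns PDUs freed. */
int drain(struct ctx *c)
{
    while (c->outqueue && !c->is_corked)
        pdu_sent_fixed(c, c->outqueue);
    return c->freed;
}

int main(void)
{
    struct ctx c = {0};
    push(&c, 0); push(&c, PDU_CORK_WHEN_SENT); push(&c, 0); /* constructed queue */
    printf("freed=%d corked=%d\n", drain(&c), c.is_corked);
    free(c.outqueue);
    return 0;
}
```

Swapping `pdu_sent_fixed` for `pdu_sent_buggy` in `drain` and running under Valgrind or AddressSanitizer yields an invalid-read report of the same shape as the one in the commit message.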