[ofa-general] [PATCH] opensm/osm_ucast_lash: fix use after free bug

Sasha Khapyorsky sashak at voltaire.com
Fri Sep 25 07:50:45 PDT 2009


When LASH runs its switch structures cleanup, OpenSM can rediscover a
subnet and the 'p_sw' pointer may refer to already freed memory, so don't
touch it, just free our own stuff. (Note also that for valid OpenSM switch
objects the 'priv' pointers are cleared on lash_cleanup()).

Signed-off-by: Sasha Khapyorsky <sashak at voltaire.com>
---
 opensm/opensm/osm_ucast_lash.c |    5 +----
 1 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/opensm/opensm/osm_ucast_lash.c b/opensm/opensm/osm_ucast_lash.c
index dbc6bcc..3c424cb 100644
--- a/opensm/opensm/osm_ucast_lash.c
+++ b/opensm/opensm/osm_ucast_lash.c
@@ -628,8 +628,7 @@ static switch_t *switch_create(lash_t * p_lash, unsigned id, osm_switch_t * p_sw
 	}
 
 	sw->p_sw = p_sw;
-	if (p_sw)
-		p_sw->priv = sw;
+	p_sw->priv = sw;
 
 	if (osm_mesh_node_create(p_lash, sw)) {
 		free(sw->dij_channels);
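Review bot: The unconditional `p_sw->priv = sw;` in switch_create() drops the NULL guard on p_sw, and the commit message, which only discusses the cleanup path, does not say why that is safe. If every caller is guaranteed to pass a non-NULL p_sw, say so in the commit message or state the precondition at the top of the function (an assert would do); otherwise keep the `if (p_sw)` check, since this line now turns a NULL argument into a crash. It is also worth confirming that the osm_mesh_node_create() failure path just below, which begins freeing sw's members, does not leave p_sw->priv pointing at sw once sw is released.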
@@ -644,8 +643,6 @@ static void switch_delete(lash_t *p_lash, switch_t * sw)
 {
 	if (sw->dij_channels)
 		free(sw->dij_channels);
-	if (sw->p_sw)
-		sw->p_sw->priv = NULL;
 	free(sw);
 }
 
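Review bot: With the `sw->p_sw->priv = NULL` reset removed, switch_delete() depends on lash_cleanup() clearing 'priv' for switches that are still valid, but that dependency is recorded only in the commit message and lash_cleanup() is not part of this diff. Please add a short comment in switch_delete() saying that sw->p_sw may be stale after a rediscovery and must not be dereferenced here, and that 'priv' is reset in lash_cleanup(), so a later change does not reintroduce the use after free. Any other caller of switch_delete() that runs while the osm_switch_t is still alive would now leave 'priv' pointing at freed memory, so it is worth checking the call sites. Minor style point: the `if (sw->dij_channels)` test before free() is redundant, since free(NULL) is a no-op.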
-- 
1.6.5.rc1



