client: fix use-after-free in Client::link()

author Yan, Zheng <zyan@redhat.com>

Tue, 19 Jun 2018 02:39:19 +0000 (10:39 +0800)

committer Yan, Zheng <zyan@redhat.com>

Tue, 19 Jun 2018 02:39:19 +0000 (10:39 +0800)
author Yan, Zheng <zyan@redhat.com>
Tue, 19 Jun 2018 02:39:19 +0000 (10:39 +0800)
committer Yan, Zheng <zyan@redhat.com>
Tue, 19 Jun 2018 02:39:19 +0000 (10:39 +0800)
diff --git a/src/client/Client.cc b/src/client/Client.cc

index 213b78465d4f83cf3a06ab9f44e6bea5330276cd..1b2a209c5cc02beb42971a26359fbc09ee4cd9a7 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -2975,8 +2975,10 @@ Dentry* Client::link(Dir *dir, const string& name, Inode *in, Dentry *dn)
    }
  
    if (in) {    // link to inode
+    InodeRef tmp_ref;
      // only one parent for directories!
      if (in->is_dir() && !in->dentries.empty()) {
+      tmp_ref = in; // prevent unlink below from freeing the inode.
        Dentry *olddn = in->get_first_parent();
        assert(olddn->dir != dir || olddn->name != name);
        Inode *old_diri = olddn->dir->parent_inode;
author	Yan, Zheng <zyan@redhat.com>
	Tue, 19 Jun 2018 02:39:19 +0000 (10:39 +0800)
committer	Yan, Zheng <zyan@redhat.com>
	Tue, 19 Jun 2018 02:39:19 +0000 (10:39 +0800)