From: Yan, Zheng <zyan@redhat.com>
Date: Tue, 19 Jun 2018 02:39:19 +0000 (+0800)
Subject: client: fix use-after-free in Client::link()
X-Git-Tag: v14.0.1~1013^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d9e91878322107cd0127ffa3cd9af33aa5f240e4;p=ceph.git

client: fix use-after-free in Client::link()

Fixes: http://tracker.ceph.com/issues/24557
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
---

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 213b78465d4..1b2a209c5cc 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -2975,8 +2975,10 @@ Dentry* Client::link(Dir *dir, const string& name, Inode *in, Dentry *dn)
   }
 
   if (in) {    // link to inode
+    InodeRef tmp_ref;
     // only one parent for directories!
     if (in->is_dir() && !in->dentries.empty()) {
+      tmp_ref = in; // prevent unlink below from freeing the inode.
       Dentry *olddn = in->get_first_parent();
       assert(olddn->dir != dir || olddn->name != name);
       Inode *old_diri = olddn->dir->parent_inode;