From e766066eb4b0635bbd9b6d805053b7057807e684 Mon Sep 17 00:00:00 2001
From: maxim <maxim>
Date: Mon, 9 Jul 2007 16:46:53 +0000
Subject: [PATCH] b=11495 i=isaac Fix of double-free bug in tcplnd (Checking
 return from read_connection())

---
 lnet/ulnds/socklnd/tcplnd.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/lnet/ulnds/socklnd/tcplnd.c b/lnet/ulnds/socklnd/tcplnd.c
index bd73fb2d40..010f972fe2 100644
--- a/lnet/ulnds/socklnd/tcplnd.c
+++ b/lnet/ulnds/socklnd/tcplnd.c
@@ -166,26 +166,30 @@ int tcpnal_recv(lnet_ni_t     *ni,
 
         /* FIXME
          * 1. Is this effecient enough? change to use readv() directly?
-         * 2. need check return from read_connection()
          * - MeiJia
          */
         for (i = 0; i < ntiov; i++)
-                read_connection(private, tiov[i].iov_base, tiov[i].iov_len);
+                if (!read_connection(private, tiov[i].iov_base, tiov[i].iov_len))
+                        return -EIO;
+                        
 
 finalize:
-        /* FIXME; we always assume success here... */
-        lnet_finalize(ni, cookie, 0);
-
         LASSERT(rlen >= mlen);
 
         if (mlen != rlen){
+                int rc;
                 char *trash=malloc(rlen - mlen);
 
-                /*TODO: check error status*/
-                read_connection(private, trash, rlen - mlen);
+                if (!trash)
+                        return -ENOMEM;
+                
+                rc = read_connection(private, trash, rlen - mlen);
                 free(trash);
+                if (!rc)
+                        return -EIO;
         }
 
+        lnet_finalize(ni, cookie, 0);
         return(0);
 }
 
-- 
GitLab