ref: 7cc9d944df78deb70230b74285287ef429ca14c1
parent: 5ce3f70f72317e6a1dc387afd1023c99f6186afb
author: aiju <devnull@localhost>
date: Fri Apr 28 14:45:32 EDT 2017
sshfs: reset SReq->reqid field to fix double-free of request ids
--- a/sys/src/cmd/sshfs.c
+++ b/sys/src/cmd/sshfs.c
@@ -938,7 +938,7 @@
}
id = GET4(rxpkt + 1);
if(id >= MAXREQID){- fprint(2, "sshfs: received response with id out of range, %d > %d\n", id, MAXREQID);
+ fprint(2, "sshfs: received %Σ response with id out of range, %d > %d\n", t, id, MAXREQID);
continue;
}
qlock(&sreqidlock);
@@ -945,11 +945,12 @@
r = sreqrd[id];
if(r != nil){sreqrd[id] = nil;
+ r->reqid = -1;
rwakeup(&sreqidrend);
}
qunlock(&sreqidlock);
if(r == nil){- fprint(2, "sshfs: received response to non-existent request (req id = %d)\n", id);
+ fprint(2, "sshfs: received %Σ response to non-existent request (req id = %d)\n", t, id);
continue;
}
if(r->closefid != nil){