From 7fdc732a19ad0d85d867a0d730cd5cc284b4093d Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <miklos@szeredi.hu>
Date: Wed, 30 Mar 2011 19:34:58 +0200
Subject: Fix use after free if fuse_reply...() returned ENOENT

---
 lib/fuse.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/lib/fuse.c b/lib/fuse.c
index 0bb63f0..84cd460 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -2921,9 +2921,7 @@ static void fuse_lib_create(fuse_req_t req, fuse_ino_t parent,
 		if (fuse_reply_create(req, &e, fi) == -ENOENT) {
 			/* The open syscall was interrupted, so it
 			   must be cancelled */
-			fuse_prepare_interrupt(f, req, &d);
 			fuse_do_release(f, e.ino, path, fi);
-			fuse_finish_interrupt(f, req, &d);
 			forget_node(f, e.ino, 1);
 		}
 	} else {
@@ -3001,9 +2999,7 @@ static void fuse_lib_open(fuse_req_t req, fuse_ino_t ino,
 		if (fuse_reply_open(req, fi) == -ENOENT) {
 			/* The open syscall was interrupted, so it
 			   must be cancelled */
-			fuse_prepare_interrupt(f, req, &d);
 			fuse_do_release(f, ino, path, fi);
-			fuse_finish_interrupt(f, req, &d);
 		}
 	} else
 		reply_err(req, err);
@@ -3129,9 +3125,7 @@ static void fuse_lib_opendir(fuse_req_t req, fuse_ino_t ino,
 		if (fuse_reply_open(req, llfi) == -ENOENT) {
 			/* The opendir syscall was interrupted, so it
 			   must be cancelled */
-			fuse_prepare_interrupt(f, req, &d);
 			fuse_fs_releasedir(f->fs, path, &fi);
-			fuse_finish_interrupt(f, req, &d);
 			pthread_mutex_destroy(&dh->lock);
 			free(dh);
 		}
-- 
cgit v1.2.3