From 2934d643ca71782079a6e0af2f562f7b9f10acbe Mon Sep 17 00:00:00 2001
From: IriKa Qiu
Date: Sun, 10 Nov 2024 03:10:51 +0000
Subject: [PATCH] Fix pdu indata of iser alloc and free mismatch

The pdu indata alloc by iscsi_malloc with a undetermined size, but free by iscsi_sfree. The iscsi_sfree can only be used to free memory which size is equal to iscsi->smalloc_size.

Signed-off-by: IriKa Qiu
---
 lib/iser.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/iser.c b/lib/iser.c
index 3740564..4e062d8 100644
--- a/lib/iser.c
+++ b/lib/iser.c
@@ -770,7 +770,11 @@ iser_prepare_read_cmd(struct iser_conn *iser_conn,struct iser_pdu *iser_pdu)
 if (data_size > 0) {
 if (task->iovector_in.iov == NULL) {
- iser_pdu->iscsi_pdu.indata.data = iscsi_malloc(iscsi, data_size);
+ if (data_size <= iscsi->smalloc_size) {
+ iser_pdu->iscsi_pdu.indata.data = iscsi_smalloc(iscsi, data_size);
+ } else {
+ iser_pdu->iscsi_pdu.indata.data = iscsi_malloc(iscsi, data_size);
+ }
 if (iser_pdu->iscsi_pdu.indata.data == NULL) {
 iscsi_set_error(iscsi, "Failed to aloocate data buffer");
 return -1;
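Review bot: The `else` branch still takes `indata.data` from `iscsi_malloc`, and the patch touches no release site, so a read larger than `iscsi->smalloc_size` is only safe if the code that frees this buffer chooses `iscsi_free` by the same size test. The commit message says the buffer is freed by `iscsi_sfree`, which is valid only for `smalloc_size` allocations, and that free path is outside this hunk. Confirm that it compares against the same value as `data_size` here. If it tests a different field, such as a received length, a large buffer could still be returned to the small-allocation pool and later reused as if it were `smalloc_size` bytes. A comment above the new `if` would keep the two sides in step, for example `/* keep in sync with the release path: buffers <= smalloc_size go back via iscsi_sfree(), larger ones via iscsi_free() */`. The body of `iser_prepare_read_cmd` starts and ends outside the hunk.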