From 2934d643ca71782079a6e0af2f562f7b9f10acbe Mon Sep 17 00:00:00 2001
From: IriKa Qiu
Date: Sun, 10 Nov 2024 03:10:51 +0000
Subject: [PATCH 1/2] Fix pdu indata of iser alloc and free mismatch
The pdu indata alloc by iscsi_malloc with a undetermined size, but free by iscsi_sfree. The iscsi_sfree can only be used to free memory which size is equal to iscsi->smalloc_size.
Signed-off-by: IriKa Qiu
---
 lib/iser.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/iser.c b/lib/iser.c
index 3740564..4e062d8 100644
--- a/lib/iser.c
+++ b/lib/iser.c
@@ -770,7 +770,11 @@ iser_prepare_read_cmd(struct iser_conn *iser_conn,struct iser_pdu *iser_pdu)
 if (data_size > 0) {
 if (task->iovector_in.iov == NULL) {
- iser_pdu->iscsi_pdu.indata.data = iscsi_malloc(iscsi, data_size);
+ if (data_size <= iscsi->smalloc_size) {
+ iser_pdu->iscsi_pdu.indata.data = iscsi_smalloc(iscsi, data_size);
+ } else {
+ iser_pdu->iscsi_pdu.indata.data = iscsi_malloc(iscsi, data_size);
+ }
 if (iser_pdu->iscsi_pdu.indata.data == NULL) {
 iscsi_set_error(iscsi, "Failed to aloocate data buffer");
 return -1;
From 057fa61f009bac731245584f5686e0c8a7e3f4fd Mon Sep 17 00:00:00 2001
From: IriKa Qiu
Date: Sun, 10 Nov 2024 03:19:37 +0000
Subject: [PATCH 2/2] Fix free pdu mismatch with alloc
The pdu alloced by iscsi->drv->new_pdu, by free with iscsi_free direct when fail in iscsi_allocate_pdu.
Signed-off-by: IriKa Qiu
---
 lib/pdu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pdu.c b/lib/pdu.c
index be0a646..f61e24b 100644
--- a/lib/pdu.c
+++ b/lib/pdu.c
@@ -205,7 +205,7 @@ iscsi_allocate_pdu(struct iscsi_context *iscsi, enum iscsi_opcode opcode,
 if (pdu->outdata.data == NULL) {
 iscsi_set_error(iscsi, "failed to allocate pdu header");
- iscsi_free(iscsi, pdu);
+ iscsi->drv->free_pdu(iscsi, pdu);
 return NULL;
 }
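Review bot: In `iser_prepare_read_cmd` (lib/iser.c) the new `else` branch still hands out an `iscsi_malloc` buffer, so the fix is complete only if the code that releases `indata.data` applies the same `<= iscsi->smalloc_size` test to the same length; that release path is outside this hunk. If the two sides disagree, a buffer of the wrong size goes back through `iscsi_sfree`, which the commit message says is valid only for `iscsi->smalloc_size` allocations, and that is a heap-corruption risk rather than a leak. I would add a comment above the branch, `/* allocator choice must mirror the size test used when indata.data is freed */`, and confirm that the length the free side compares equals `data_size`. The function body starts and ends outside the hunk.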
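Review bot: In `iscsi_allocate_pdu` (lib/pdu.c) the error path now hands a half-built pdu to `iscsi->drv->free_pdu`, at a point where `outdata.data` is known to be NULL, so every driver's `free_pdu` has to tolerate that state; those implementations are not visible in this hunk. If a driver hook releases or dereferences members that `iscsi_allocate_pdu` only sets later, the failure path could free an uninitialised pointer, so it is worth checking each implementation against this call site. A comment on the new line would record the pairing: `/* pdu came from iscsi->drv->new_pdu; release it through the matching driver hook (outdata.data is NULL here) */`. The function starts and ends outside the hunk.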