From 7edb4c0c72c784cf3723d8efebacbf9140bdf348 Mon Sep 17 00:00:00 2001
From: Vladislav Bolkhovitin
Date: Wed, 19 Nov 2008 10:55:58 +0000
Subject: [PATCH] Fix for memory overwrite-after-free bug in scst_local

git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@575 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 scst/src/scst_lib.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scst/src/scst_lib.c b/scst/src/scst_lib.c
index 4b21bf5ea..8f8d8c1b8 100644
--- a/scst/src/scst_lib.c
+++ b/scst/src/scst_lib.c
@@ -1436,7 +1436,12 @@ void scst_free_cmd(struct scst_cmd *cmd)
 #endif
 #endif
 
- scst_check_restore_sg_buff(cmd);
+ /*
+ * Target driver can already free sg buffer before calling
+ * scst_tgt_cmd_done(). E.g., scst_local has to do that.
+ */
+ if (!cmd->tgt_data_buf_alloced)
+ scst_check_restore_sg_buff(cmd);
 
 if (unlikely(cmd->internal)) {
 if (cmd->bufflen > 0)
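Review bot: The new `if (!cmd->tgt_data_buf_alloced)` guard in scst_free_cmd() decides by who allocated the buffer, not by whether the sg buffer is still live, so it quietly becomes a contract: every target driver that sets this flag owns the sg lifetime and gets no restore at free time. The added comment explains only the scst_local case; I would state the rule itself, e.g. `/* If tgt_data_buf_alloced is set, the target driver owns the sg buffer and may have freed it already: do not touch it here. */`. scst_check_restore_sg_buff() is not visible in this hunk, so it is worth checking whether any of its other callers can still write to a driver-owned sg buffer after scst_tgt_cmd_done(), which would presumably reintroduce the same write-after-free. The body of scst_free_cmd() starts and ends outside the hunk.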