From 0470c5f0a6f1f2b9f3cc68a80e4c621127e60143 Mon Sep 17 00:00:00 2001
From: Jeffry Molanus <jeffry.molanus@gmail.com>
Date: Tue, 11 Aug 2020 09:57:43 +0200
Subject: [PATCH] iSCSI: do not use LUN id allocated on the stack

The previous patch did not box the value passed over the
FFI boundary. With optimized builds the value might get
dropped before all the callbacks where executed. In effect
a use after free.
---
 mayastor/src/target/iscsi.rs | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/mayastor/src/target/iscsi.rs b/mayastor/src/target/iscsi.rs
index 19c275c06..7dbc453e9 100644
--- a/mayastor/src/target/iscsi.rs
+++ b/mayastor/src/target/iscsi.rs
@@ -190,25 +190,21 @@ pub fn fini() {
 fn share_as_iscsi_target(
     bdev_name: &str,
     bdev: &Bdev,
-    pg_idx: c_int,
-    ig_idx: c_int,
+    mut pg_idx: c_int,
+    mut ig_idx: c_int,
 ) -> Result<String, Error> {
     let iqn = target_name(bdev_name).into_cstring();
 
-    let pg_tags = [pg_idx].as_mut_ptr();
-    let ig_tags = [ig_idx].as_mut_ptr();
-    let lun_ids = [0].as_mut_ptr();
-
     let tgt = unsafe {
         iscsi_tgt_node_construct(
             -1,
             iqn.as_ptr(),
             ptr::null(),
-            pg_tags,
-            ig_tags,
+            &mut pg_idx as *mut _,
+            &mut ig_idx as *mut _,
             1,
             &mut bdev.name().into_cstring().as_ptr(),
-            lun_ids,
+            &mut LUN as *mut _,
             1,
             128,
             true,