Date: Tue, 5 Jan 2010 07:57:44 GMT From: Henning Petersen <henning.petersen@t-online.de> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/142339: Double free in getnetpath.c. Message-ID: <201001050757.o057vinm018865@www.freebsd.org> Resent-Message-ID: <201001050800.o05806MS002391@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 142339
>Category: misc
>Synopsis: Double free in getnetpath.c.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 05 08:00:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Henning Petersen
>Release: Freebsd-current
>Organization:
>Environment:
>Description:
np_sessionp is freed at line 102 and line 123.
>How-To-Repeat:
>Fix:
diff -u -r1.8 getnetpath.c
--- lib/libc/rpc/getnetpath.c 20 Sep 2007 22:35:24 -0000 1.8
+++ lib/libc/rpc/getnetpath.c 5 Jan 2010 05:52:21 -0000
@@ -101,7 +101,7 @@
if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
free(np_sessionp);
syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
- goto failed;
+ return (NULL);
}
np_sessionp->valid = NP_VALID;
np_sessionp->ncp_list = NULL;
Patch attached with submission follows:
Index: lib/libc/rpc/getnetpath.c
===================================================================
RCS file: /usr/ncvs/src/lib/libc/rpc/getnetpath.c,v
retrieving revision 1.8
diff -u -r1.8 getnetpath.c
--- lib/libc/rpc/getnetpath.c 20 Sep 2007 22:35:24 -0000 1.8
+++ lib/libc/rpc/getnetpath.c 5 Jan 2010 05:52:21 -0000
@@ -101,7 +101,7 @@
if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
free(np_sessionp);
syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
- goto failed;
+ return (NULL);
}
np_sessionp->valid = NP_VALID;
np_sessionp->ncp_list = NULL;
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001050757.o057vinm018865>