Date: Wed, 29 Mar 2023 18:26:42 GMT From: Eric van Gyzen <vangyzen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 3bbd1a1a0056 - main - camcontrol powermode: fix use-after-free Message-ID: <202303291826.32TIQgYH089059@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by vangyzen: URL: https://cgit.FreeBSD.org/src/commit/?id=3bbd1a1a005698fcf1aaeae0065a8f2f97fdf4be commit 3bbd1a1a005698fcf1aaeae0065a8f2f97fdf4be Author: Eric van Gyzen <vangyzen@FreeBSD.org> AuthorDate: 2023-03-29 19:14:40 +0000 Commit: Eric van Gyzen <vangyzen@FreeBSD.org> CommitDate: 2023-03-29 19:17:16 +0000 camcontrol powermode: fix use-after-free Free the ccb after processing the response therein. Reported by: Coverity Fixes: 3bed0179ee571ba3ceadb2773f86d57af8bc5499 MFC after: 1 week Sponsored by: Dell EMC Isilon --- sbin/camcontrol/camcontrol.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/sbin/camcontrol/camcontrol.c b/sbin/camcontrol/camcontrol.c index 489c3026537a..9e50fbf2646e 100644 --- a/sbin/camcontrol/camcontrol.c +++ b/sbin/camcontrol/camcontrol.c @@ -9312,12 +9312,11 @@ atapm(struct cam_device *device, int argc, char **argv, /*timeout*/timeout ? timeout : 30 * 1000, /*force48bit*/0); - cam_freeccb(ccb); - - if (retval || cmd != ATA_CHECK_POWER_MODE) - return (retval); + if (retval == 0 && cmd == ATA_CHECK_POWER_MODE) + retval = atapm_proc_resp(device, ccb); - return (atapm_proc_resp(device, ccb)); + cam_freeccb(ccb); + return (retval); } static int
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202303291826.32TIQgYH089059>