Date: Sat, 17 Jun 2006 11:30:53 GMT
From: Clément Lecigne To: Perforce Change Reviews Cc: Subject: PERFORCE change 99418 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Jun 2006 11:30:55 -0000 http://perforce.freebsd.org/chv.cgi?CH=99418 Change 99418 by clem1@clem1_ipv6vulns on 2006/06/17 11:30:42 free your malloc, dude! Affected files ... .. //depot/projects/soc2006/clem1_ipv6vulns/fuzzers/local/setsockopt/setsockopt.c#3 edit Differences ... ==== //depot/projects/soc2006/clem1_ipv6vulns/fuzzers/local/setsockopt/setsockopt.c#3 (text+ko) ==== @@ -182,6 +182,7 @@ void ssf_rthdr(int sock){ int on = 1; char payload[PAYLOAD_SIZE_MAX]; + char *ip = NULL; struct in6_addr v6; struct cmsghdr *cmsg = NULL; struct ip6_rthdr *rthdr; @@ -218,8 +219,10 @@ if(rthdr == NULL) return; for(i = 0; i < segments; i++){ - inet_pton(AF_INET6, (char *)randipv6(), &v6); + ip = (char *)randipv6(); + inet_pton(AF_INET6, ip, &v6); inet6_rth_add(rthdr, &v6); + free(ip); } optlen = (rthdr->ip6r_len + 1) << 3; optval = (unsigned int)&rthdr; @@ -239,7 +242,9 @@ fuzzlog("setsockopt", "dddad", sock, IPPROTO_IPV6, optname, optval, optlen); ret = setsockopt(sock, IPPROTO_IPV6, optname, (void *)optval, optlen); - fuzzlog("", "r", ret); + fuzzlog("", "r", ret);; + if(cmsg != NULL && (char *)cmsg != payload) + free(cmsg); return; }
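Review bot: In the loop of the hunk at @@ -218,8 +219,10 @@, the pointer returned by randipv6() goes to inet_pton() without a NULL check, and the results of inet_pton() and inet6_rth_add() are ignored. If randipv6() can fail to allocate, inet_pton() is handed a NULL source string; a guard such as `if (ip == NULL) break;` before the call avoids that. When inet_pton() does not return 1, v6 is left as it was, which on the first iteration means the uninitialised `struct in6_addr v6;` declared at the top of ssf_rthdr() is added to the routing header. If feeding arbitrary addresses is intended for the fuzzer, a short comment saying so would help; otherwise skip the inet6_rth_add() call on failure while still freeing ip.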
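Review bot: In the hunk at @@ -239,7 +242,9 @@, the replaced line `fuzzlog("", "r", ret);;` picks up a stray second semicolon that should be dropped. In the added cleanup, the `cmsg != NULL` test is redundant because free(NULL) is a no-op, while the `(char *)cmsg != payload` test implies cmsg sometimes points at the stack buffer and sometimes at heap memory; a one-line comment stating that would make the condition easier to trust. The early `if(rthdr == NULL) return;` shown in the previous hunk leaves the function without reaching this free(), so if cmsg can already be heap-allocated at that point the leak remains on that path; routing both exits through a single cleanup label would cover it.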