From owner-svn-src-all@freebsd.org Wed May 11 22:33:22 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 27BC2B38616; Wed, 11 May 2016 22:33:22 +0000 (UTC) (envelope-from cem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EE18D1FF9; Wed, 11 May 2016 22:33:21 +0000 (UTC) (envelope-from cem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4BMXLhR044626; Wed, 11 May 2016 22:33:21 GMT (envelope-from cem@FreeBSD.org) Received: (from cem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4BMXLiv044625; Wed, 11 May 2016 22:33:21 GMT (envelope-from cem@FreeBSD.org) Message-Id: <201605112233.u4BMXLiv044625@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org using -f From: "Conrad E. Meyer" Date: Wed, 11 May 2016 22:33:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r299491 - head/usr.sbin/route6d X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 May 2016 22:33:22 -0000 Author: cem Date: Wed May 11 22:33:20 2016 New Revision: 299491 URL: https://svnweb.freebsd.org/changeset/base/299491 Log: route6d(8): Fix potential double-free In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed repeatedly. It isn't clear to me that that case is possible, but be clear and do the right thing in case it is. Reported by: Coverity CID: 272537 Sponsored by: EMC / Isilon Storage Division Modified: head/usr.sbin/route6d/route6d.c Modified: head/usr.sbin/route6d/route6d.c ============================================================================== --- head/usr.sbin/route6d/route6d.c Wed May 11 22:25:14 2016 (r299490) +++ head/usr.sbin/route6d/route6d.c Wed May 11 22:33:20 2016 (r299491) @@ -2598,8 +2598,10 @@ krtread(int again) sleep(1); retry++; errmsg = NULL; - if (buf) + if (buf) { free(buf); + buf = NULL; + } if (sysctl(mib, 6, NULL, &msize, NULL, 0) < 0) { errmsg = "sysctl estimate"; continue;