From owner-svn-src-all@FreeBSD.ORG Thu Feb 16 14:44:52 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C825A106564A; Thu, 16 Feb 2012 14:44:52 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B2EC58FC0C; Thu, 16 Feb 2012 14:44:52 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q1GEiqc0021173; Thu, 16 Feb 2012 14:44:52 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q1GEiqvd021171; Thu, 16 Feb 2012 14:44:52 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201202161444.q1GEiqvd021171@svn.freebsd.org> From: Gleb Smirnoff Date: Thu, 16 Feb 2012 14:44:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r231823 - head/sys/netgraph X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2012 14:44:52 -0000 Author: glebius Date: Thu Feb 16 14:44:52 2012 New Revision: 231823 URL: http://svn.freebsd.org/changeset/base/231823 Log: In ng_getsockaddr() allocate memory prior to obtaining lock. Reported & tested by: Mykola Dzham Modified: head/sys/netgraph/ng_socket.c Modified: head/sys/netgraph/ng_socket.c ============================================================================== --- head/sys/netgraph/ng_socket.c Thu Feb 16 14:42:35 2012 (r231822) +++ head/sys/netgraph/ng_socket.c Thu Feb 16 14:44:52 2012 (r231823) @@ -490,33 +490,30 @@ ng_getsockaddr(struct socket *so, struct int sg_len; int error = 0; - /* Why isn't sg_data a `char[1]' ? :-( */ - sg_len = sizeof(struct sockaddr_ng) - sizeof(sg->sg_data) + 1; - pcbp = sotongpcb(so); if ((pcbp == NULL) || (pcbp->sockdata == NULL)) /* XXXGL: can this still happen? */ return (EINVAL); + sg_len = sizeof(struct sockaddr_ng) + NG_NODESIZ - + sizeof(sg->sg_data); + sg = malloc(sg_len, M_SONAME, M_WAITOK | M_ZERO); + mtx_lock(&pcbp->sockdata->mtx); if (pcbp->sockdata->node != NULL) { node_p node = pcbp->sockdata->node; - int namelen = 0; /* silence compiler! */ if (NG_NODE_HAS_NAME(node)) - sg_len += namelen = strlen(NG_NODE_NAME(node)); - - sg = malloc(sg_len, M_SONAME, M_WAITOK | M_ZERO); - - if (NG_NODE_HAS_NAME(node)) - bcopy(NG_NODE_NAME(node), sg->sg_data, namelen); + bcopy(NG_NODE_NAME(node), sg->sg_data, + strlen(NG_NODE_NAME(node))); + mtx_unlock(&pcbp->sockdata->mtx); sg->sg_len = sg_len; sg->sg_family = AF_NETGRAPH; *addr = (struct sockaddr *)sg; - mtx_unlock(&pcbp->sockdata->mtx); } else { mtx_unlock(&pcbp->sockdata->mtx); + free(sg, M_SONAME); error = EINVAL; }