Date: Wed, 6 Feb 2013 18:30:54 +0000 (UTC) From: Alexander Motin <mav@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r246426 - stable/9/sys/cam/ctl Message-ID: <201302061830.r16IUslq016923@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mav Date: Wed Feb 6 18:30:53 2013 New Revision: 246426 URL: http://svnweb.freebsd.org/changeset/base/246426 Log: MFC r240948 (by trasz): Fix panic in CTL caused by trying to free invalid pointers passed by the userland process via the IOCTL interface. Modified: stable/9/sys/cam/ctl/ctl.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/cam/ctl/ctl.c ============================================================================== --- stable/9/sys/cam/ctl/ctl.c Wed Feb 6 18:22:52 2013 (r246425) +++ stable/9/sys/cam/ctl/ctl.c Wed Feb 6 18:30:53 2013 (r246426) @@ -2075,6 +2075,11 @@ ctl_copyin_args(int num_be_args, struct goto bailout; for (i = 0; i < num_be_args; i++) { + args[i].kname = NULL; + args[i].kvalue = NULL; + } + + for (i = 0; i < num_be_args; i++) { uint8_t *tmpptr; args[i].kname = ctl_copyin_alloc(args[i].name,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201302061830.r16IUslq016923>