Date: Wed, 13 Sep 1995 18:01:01 +1000 From: Bruce Evans <bde@zeta.org.au> To: current@freebsd.org, terry@lambert.org Subject: Re: BAD BUG IN UFS RENAME Message-ID: <199509130801.SAA29848@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>Well, I've discovered some very interesting brain damage. >In the case of an attemped cross-device rename, both NAMEI buffers are >freed twice. >In the case of a rename of a->b where a + b have the same inode numbers >but not the same name, the, the from buffer is freed twice. Also in the case of renaming "." or ".." in msdosfs if the code that handles this is reachable. >The code of interest for this bungle is in: > kern/vfs_syscalls.c (rename) > ufs/ufs/ufs_vnops.c (ufs_rename) Also msdosfs/msdosfs_vnops.c (msdosfs_rename) miscfs/devfs/devfs_vnops.c udevfs_rename) Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509130801.SAA29848>