Date: Sat, 5 Sep 2020 00:50:53 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r365355 - head/sys/rpc Message-ID: <202009050050.0850orou035898@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Sat Sep 5 00:50:52 2020 New Revision: 365355 URL: https://svnweb.freebsd.org/changeset/base/365355 Log: Fix a potential memory leak in the NFS over TLS handling code. For the TLS case where there is a "user@domain" name specified in the X.509 v3 certificate presented by the client in the otherName component of subjectAltName, a gid list is allocated via mem_alloc(). This needs to be free'd. Otherwise xp_gidp == NULL and free() handles that. (The size argument to mem_free() is not used by FreeBSD, so it can be 0.) This leak would not have occurred for any other case than NFS over TLS with the "user@domain" in the client's certificate. Modified: head/sys/rpc/svc.c Modified: head/sys/rpc/svc.c ============================================================================== --- head/sys/rpc/svc.c Sat Sep 5 00:45:46 2020 (r365354) +++ head/sys/rpc/svc.c Sat Sep 5 00:50:52 2020 (r365355) @@ -902,6 +902,8 @@ svc_xprt_free(SVCXPRT *xprt) { mem_free(xprt->xp_p3, sizeof(SVCXPRT_EXT)); + /* The size argument is ignored, so 0 is ok. */ + mem_free(xprt->xp_gidp, 0); mem_free(xprt, sizeof(SVCXPRT)); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009050050.0850orou035898>