Date: Wed, 26 Sep 2012 07:09:15 +0000 (UTC) From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r240948 - head/sys/cam/ctl Message-ID: <201209260709.q8Q79FUf077761@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: trasz Date: Wed Sep 26 07:09:15 2012 New Revision: 240948 URL: http://svn.freebsd.org/changeset/base/240948 Log: Fix panic in CTL caused by trying to free invalid pointers passed by the userland process via the IOCTL interface. Reviewed by: ken@ Modified: head/sys/cam/ctl/ctl.c Modified: head/sys/cam/ctl/ctl.c ============================================================================== --- head/sys/cam/ctl/ctl.c Wed Sep 26 03:54:55 2012 (r240947) +++ head/sys/cam/ctl/ctl.c Wed Sep 26 07:09:15 2012 (r240948) @@ -2075,6 +2075,11 @@ ctl_copyin_args(int num_be_args, struct goto bailout; for (i = 0; i < num_be_args; i++) { + args[i].kname = NULL; + args[i].kvalue = NULL; + } + + for (i = 0; i < num_be_args; i++) { uint8_t *tmpptr; args[i].kname = ctl_copyin_alloc(args[i].name,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209260709.q8Q79FUf077761>