From owner-freebsd-bugs@FreeBSD.ORG  Sun Feb 10 11:40:03 2008
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2055A16A4F2
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 10 Feb 2008 11:40:03 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 12BC413C459
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 10 Feb 2008 11:40:03 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1ABe2ET099077
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 10 Feb 2008 11:40:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1ABe2bf099076;
	Sun, 10 Feb 2008 11:40:02 GMT (envelope-from gnats)
Date: Sun, 10 Feb 2008 11:40:02 GMT
Message-Id: <200802101140.m1ABe2bf099076@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Bruce Cran <bruce@cran.org.uk>
Cc: 
Subject: Re: bin/73337: [nsswitch] [patch] potential invalid free
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Bruce Cran <bruce@cran.org.uk>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Feb 2008 11:40:03 -0000

The following reply was made to PR bin/73337; it has been noted by GNATS.

From: Bruce Cran <bruce@cran.org.uk>
To: bug-followup@FreeBSD.org, nectar@FreeBSD.org
Cc:  
Subject: Re: bin/73337: [nsswitch] [patch] potential invalid free
Date: Sun, 10 Feb 2008 11:39:38 +0000

 This is a multi-part message in MIME format.
 --------------080704050506000507090004
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Attaching the patch as an attachment.
 
 --------------080704050506000507090004
 Content-Type: text/plain;
  name="nss_tls.h.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="nss_tls.h.diff"
 
 --- nss_tls.h.old	2008-01-12 00:21:20.000000000 +0000
 +++ nss_tls.h	2008-01-12 10:54:17.000000000 +0000
 @@ -50,12 +50,18 @@
  static int							\
  name##_getstate(struct name##_state **p)			\
  {								\
 -	static struct name##_state st;				\
 +	static struct name##_state *st = NULL;				\
  	static pthread_once_t	keyinit = PTHREAD_ONCE_INIT;	\
  	int			rv;				\
  								\
  	if (!__isthreaded || _pthread_main_np() != 0) {		\
 -		*p = &st;					\
 +		if (st == NULL) {               \
 +			st = calloc(1, sizeof(*st));		\
 +			if (st == NULL)         \
 +				return (ENOMEM);    \
 +		}                           \
 +		                           \
 +		*p = st;					\
  		return (0);					\
  	}							\
  	rv = _pthread_once(&keyinit, name##_keyinit);		\
 
 --------------080704050506000507090004--