From owner-svn-src-stable@freebsd.org Fri Jun 10 14:42:38 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 132F3B714CD; Fri, 10 Jun 2016 14:42:38 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D66B91EFA; Fri, 10 Jun 2016 14:42:37 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u5AEgbbc045725; Fri, 10 Jun 2016 14:42:37 GMT (envelope-from ngie@FreeBSD.org) Received: (from ngie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u5AEgb3T045724; Fri, 10 Jun 2016 14:42:37 GMT (envelope-from ngie@FreeBSD.org) Message-Id: <201606101442.u5AEgb3T045724@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ngie set sender to ngie@FreeBSD.org using -f From: Garrett Cooper Date: Fri, 10 Jun 2016 14:42:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r301790 - stable/9/usr.sbin/route6d X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 14:42:38 -0000 Author: ngie Date: Fri Jun 10 14:42:36 2016 New Revision: 301790 URL: https://svnweb.freebsd.org/changeset/base/301790 Log: MFstable/10 r301789: MFC r299491: r299491 (by cem): route6d(8): Fix potential double-free In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed repeatedly. It isn't clear to me that that case is possible, but be clear and do the right thing in case it is. CID: 272537 Modified: stable/9/usr.sbin/route6d/route6d.c Directory Properties: stable/9/ (props changed) stable/9/usr.sbin/ (props changed) stable/9/usr.sbin/route6d/ (props changed) Modified: stable/9/usr.sbin/route6d/route6d.c ============================================================================== --- stable/9/usr.sbin/route6d/route6d.c Fri Jun 10 14:40:41 2016 (r301789) +++ stable/9/usr.sbin/route6d/route6d.c Fri Jun 10 14:42:36 2016 (r301790) @@ -2646,8 +2646,10 @@ krtread(int again) sleep(1); retry++; errmsg = NULL; - if (buf) + if (buf) { free(buf); + buf = NULL; + } if (sysctl(mib, 6, NULL, &msize, NULL, 0) < 0) { errmsg = "sysctl estimate"; continue;