Date: Tue, 29 Nov 2011 08:16:14 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r228119 - head/usr.sbin/mfiutil Message-ID: <201111290816.pAT8GENU030803@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Nov 29 08:16:14 2011 New Revision: 228119 URL: http://svn.freebsd.org/changeset/base/228119 Log: In build_volume(), check if arrays is allocated before traversing its items. While parsing the arrays input, it's possible that we reach the error path before initializing the 'arrays' pointer, which in turn leads to a NULL deference. Submitted by: Garrett Cooper MFC after: 1 week Modified: head/usr.sbin/mfiutil/mfi_config.c Modified: head/usr.sbin/mfiutil/mfi_config.c ============================================================================== --- head/usr.sbin/mfiutil/mfi_config.c Tue Nov 29 07:59:45 2011 (r228118) +++ head/usr.sbin/mfiutil/mfi_config.c Tue Nov 29 08:16:14 2011 (r228119) @@ -820,9 +820,11 @@ error: free(config); free(state.volumes); free(state.arrays); - for (i = 0; i < narrays; i++) - free(arrays[i].drives); - free(arrays); + if (arrays != NULL) { + for (i = 0; i < narrays; i++) + free(arrays[i].drives); + free(arrays); + } close(fd); return (error);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111290816.pAT8GENU030803>