Date: Thu, 10 Feb 2011 01:24:09 +0000 (UTC) From: Max Laier <mlaier@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r218503 - head/sys/net Message-ID: <201102100124.p1A1O9VY004478@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mlaier Date: Thu Feb 10 01:24:09 2011 New Revision: 218503 URL: http://svn.freebsd.org/changeset/base/218503 Log: As info.rti_info[RTAX_DST] can point inside of rtm we must not free the rtm until rt_dispatch is done with the sockaddr. Found by: memguard MFC after: 3 days Modified: head/sys/net/rtsock.c Modified: head/sys/net/rtsock.c ============================================================================== --- head/sys/net/rtsock.c Thu Feb 10 00:20:56 2011 (r218502) +++ head/sys/net/rtsock.c Thu Feb 10 01:24:09 2011 (r218503) @@ -883,7 +883,6 @@ flush: m = NULL; } else if (m->m_pkthdr.len > rtm->rtm_msglen) m_adj(m, rtm->rtm_msglen - m->m_pkthdr.len); - Free(rtm); } if (m) { if (rp) { @@ -898,6 +897,9 @@ flush: } else rt_dispatch(m, info.rti_info[RTAX_DST]); } + /* info.rti_info[RTAX_DST] (used above) can point inside of rtm */ + if (rtm) + Free(rtm); } return (error); #undef sa_equal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201102100124.p1A1O9VY004478>