Date: Tue, 26 Apr 2016 13:06:29 -0600 From: Alan Somers <asomers@freebsd.org> To: "Conrad E. Meyer" <cem@freebsd.org> Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r298655 - head/sys/kgssapi Message-ID: <CAOtMX2ifk28h%2B4N_um1haz_eqhhZf1VPeGWW%2BRosv9czi-8maA@mail.gmail.com> In-Reply-To: <201604261811.u3QIBjrE092471@repo.freebsd.org> References: <201604261811.u3QIBjrE092471@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Nice catch. Will you be MFCing this to stable/10? On Tue, Apr 26, 2016 at 12:11 PM, Conrad E. Meyer <cem@freebsd.org> wrote: > Author: cem > Date: Tue Apr 26 18:11:45 2016 > New Revision: 298655 > URL: https://svnweb.freebsd.org/changeset/base/298655 > > Log: > kgssapi: Don't leak memory in error cases > > Reported by: Coverity > CIDs: 1007046, 1007047, 1007048 > Sponsored by: EMC / Isilon Storage Division > > Modified: > head/sys/kgssapi/gssd_prot.c > > Modified: head/sys/kgssapi/gssd_prot.c > > ============================================================================== > --- head/sys/kgssapi/gssd_prot.c Tue Apr 26 18:08:51 2016 > (r298654) > +++ head/sys/kgssapi/gssd_prot.c Tue Apr 26 18:11:45 2016 > (r298655) > @@ -101,8 +101,10 @@ xdr_gss_OID(XDR *xdrs, gss_OID *oidp) > } else { > oid = mem_alloc(sizeof(gss_OID_desc)); > memset(oid, 0, sizeof(*oid)); > - if (!xdr_gss_OID_desc(xdrs, oid)) > + if (!xdr_gss_OID_desc(xdrs, oid)) { > + mem_free(oid, sizeof(gss_OID_desc)); > return (FALSE); > + } > *oidp = oid; > } > break; > @@ -164,8 +166,10 @@ xdr_gss_OID_set(XDR *xdrs, gss_OID_set * > } else { > set = mem_alloc(sizeof(gss_OID_set_desc)); > memset(set, 0, sizeof(*set)); > - if (!xdr_gss_OID_set_desc(xdrs, set)) > + if (!xdr_gss_OID_set_desc(xdrs, set)) { > + mem_free(set, sizeof(gss_OID_set_desc)); > return (FALSE); > + } > *setp = set; > } > break; > @@ -224,8 +228,10 @@ xdr_gss_channel_bindings_t(XDR *xdrs, gs > || !xdr_gss_buffer_desc(xdrs, > &ch->acceptor_address) > || !xdr_gss_buffer_desc(xdrs, > - &ch->application_data)) > + &ch->application_data)) { > + mem_free(ch, sizeof(*ch)); > return (FALSE); > + } > *chp = ch; > } > break; > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2ifk28h%2B4N_um1haz_eqhhZf1VPeGWW%2BRosv9czi-8maA>