Date: Wed, 25 Feb 2009 19:00:11 GMT
From: Jaakko Heinonen <jh@saunalahti.fi>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/132104: kenv buffer overflow
Message-ID: <200902251900.n1PJ0BA7073647@freefall.freebsd.org>
The following reply was made to PR kern/132104; it has been noted by GNATS.

From: Jaakko Heinonen <jh@saunalahti.fi>
To: Dylan Cochran <a134qaed@gmail.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/132104: kenv buffer overflow
Date: Wed, 25 Feb 2009 20:56:26 +0200

Hi,

On 2009-02-25, Dylan Cochran wrote:
> This prevents the panic condition, but also increases the amount of
> time the mutex is held. Comments?
>
> mtx_lock(&kenv_lock);
> cp = _getenv_dynamic(name, NULL);
> if (cp != NULL) {
> - strcpy(buf, cp);
> - mtx_unlock(&kenv_lock);
> - len = strlen(buf) + 1;
> + len = strlen(cp) + 1;
> ret = malloc(len, M_KENV, M_WAITOK);
> - strcpy(ret, buf);
> + strcpy(ret, cp);
> + mtx_unlock(&kenv_lock);

malloc(9) with M_WAITOK flag could sleep. You are not allowed to sleep
while holding a mutex.

--
Jaakko
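Review bot: in the `cp != NULL` branch the added `mtx_unlock(&kenv_lock)` now comes after `malloc(len, M_KENV, M_WAITOK)`, so an allocation that may sleep runs with the mutex held. Consider computing `len = strlen(cp) + 1` under the lock, unlocking, allocating, then re-locking and calling `_getenv_dynamic(name, NULL)` again to confirm the value still fits before the `strcpy(ret, cp)`, retrying if it grew in the meantime.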
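The rule stated in the reply above, as an added userspace model (not code from the PR or from FreeBSD): measure under the lock, allocate with the lock dropped, then re-check the length under the lock before copying. The names `lock`, `xalloc`, `env_value`, `on_sleep`, `grow_once` and `getenv_copy` are hypothetical stand-ins, and the single-variable store is constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins (assumptions): a flag models kenv_lock; xalloc() models a
 * malloc(9) M_WAITOK call that may sleep and let another thread run. */
static int lock_held, sleep_violations;
static const char *env_value;            /* constructed one-variable store */
static void (*on_sleep)(void);           /* "other thread" run during sleep */
static void lock(void)   { lock_held = 1; }
static void unlock(void) { lock_held = 0; }

static void *xalloc(size_t n)
{
    if (lock_held) sleep_violations++;   /* sleeping with the mutex held */
    if (on_sleep) on_sleep();
    return malloc(n);
}

/* Simulated concurrent setenv: the value grows while the caller sleeps. */
static void grow_once(void) { on_sleep = NULL; env_value = "a-much-longer-value"; }

/* Heap copy of the value, or NULL if unset. Allocates only with the lock
 * dropped and re-checks the length under the lock before copying. */
static char *getenv_copy(void)
{
    char *ret = NULL;
    size_t len, cap = 0;
    for (;;) {
        lock();
        len = env_value ? strlen(env_value) + 1 : 0;
        if (len != 0 && len <= cap)
            memcpy(ret, env_value, len); /* fits: copy while still locked */
        unlock();
        if (len != 0 && len <= cap)
            return ret;
        free(ret);                       /* unset, too small, or first pass */
        if (len == 0) return NULL;
        cap = len;
        if ((ret = xalloc(cap)) == NULL) return NULL;
    }
}

int main(void)
{
    env_value = "short"; on_sleep = grow_once;   /* constructed scenario */
    char *v = getenv_copy();
    printf("%s (violations: %d)\n", v ? v : "(unset)", sleep_violations);
    free(v);
    return 0;
}
```

The first allocation is sized for the short value; because the value grows during the simulated sleep, the second pass detects the mismatch and retries instead of overflowing the buffer.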