Date: Wed, 11 May 2016 22:33:21 +0000 (UTC) From: "Conrad E. Meyer" <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r299491 - head/usr.sbin/route6d Message-ID: <201605112233.u4BMXLiv044625@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Wed May 11 22:33:20 2016 New Revision: 299491 URL: https://svnweb.freebsd.org/changeset/base/299491 Log: route6d(8): Fix potential double-free In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed repeatedly. It isn't clear to me that that case is possible, but be clear and do the right thing in case it is. Reported by: Coverity CID: 272537 Sponsored by: EMC / Isilon Storage Division Modified: head/usr.sbin/route6d/route6d.c Modified: head/usr.sbin/route6d/route6d.c ============================================================================== --- head/usr.sbin/route6d/route6d.c Wed May 11 22:25:14 2016 (r299490) +++ head/usr.sbin/route6d/route6d.c Wed May 11 22:33:20 2016 (r299491) @@ -2598,8 +2598,10 @@ krtread(int again) sleep(1); retry++; errmsg = NULL; - if (buf) + if (buf) { free(buf); + buf = NULL; + } if (sysctl(mib, 6, NULL, &msize, NULL, 0) < 0) { errmsg = "sysctl estimate"; continue;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605112233.u4BMXLiv044625>