Date:      Thu, 12 May 2016 05:12:24 +0000 (UTC)
From:      "Conrad E. Meyer" <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r299515 - head/usr.sbin/rtadvd
Message-ID:  <201605120512.u4C5CO0u065704@repo.freebsd.org>

Author: cem
Date: Thu May 12 05:12:24 2016
New Revision: 299515
URL: https://svnweb.freebsd.org/changeset/base/299515

Log:
  rtadvd(8): Fix use-after-close in cm_handler_client
  
  cm_send() closes 'fd' on error.  In that case, bail out early without trying to
  recv from or close 'fd' again.
  
  Reported by:	Coverity
  CID:		1006078
  Sponsored by:	EMC / Isilon Storage Division

Modified:
  head/usr.sbin/rtadvd/control_client.c

Modified: head/usr.sbin/rtadvd/control_client.c
==============================================================================
--- head/usr.sbin/rtadvd/control_client.c	Thu May 12 05:03:12 2016	(r299514)
+++ head/usr.sbin/rtadvd/control_client.c	Thu May 12 05:12:24 2016	(r299515)
@@ -92,9 +92,11 @@ cm_handler_client(int fd, int state, cha
 		case CM_STATE_MSG_DISPATCH:
 			cm->cm_version = CM_VERSION;
 			error = cm_send(fd, buf);
-			if (error)
+			if (error) {
 				syslog(LOG_WARNING,
 				    "<%s> cm_send()", __func__);
+				return (-1);
+			}
 			state = CM_STATE_ACK_WAIT;
 			break;
 		case CM_STATE_ACK_WAIT:
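Review bot: The new `return (-1);` in the CM_STATE_MSG_DISPATCH error branch relies on cm_send() having already closed fd, and nothing at the call site records that ownership rule. A one-line comment above the return (for example `/* cm_send() closed fd on error */`) would keep a later edit from adding a close() here and bringing back a double close. It is also worth confirming that callers of cm_handler_client() do not close fd themselves when they see -1, since that path is not visible in this hunk. As a smaller point, the syslog() call logs only "<%s> cm_send()" with the function name; including the returned error value would make the warning usable for triage.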


