Date: Sat, 13 Jun 2020 02:24:35 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r362140 - projects/nfs-over-tls/sys/rpc Message-ID: <202006130224.05D2OZ7T056977@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Sat Jun 13 02:24:35 2020 New Revision: 362140 URL: https://svnweb.freebsd.org/changeset/base/362140 Log: Fix a possible bug found by inspection. If the record is bogus (not likely), the code m_freem()d the record, but did not set the pointer null. If there was a disconnect of the socket after this failure, there could be another m_freem() done on it. Fixed by setting the pointer null after the m_freem(). Found by inspection of the code. Modified: projects/nfs-over-tls/sys/rpc/clnt_vc.c Modified: projects/nfs-over-tls/sys/rpc/clnt_vc.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/clnt_vc.c Sat Jun 13 01:54:09 2020 (r362139) +++ projects/nfs-over-tls/sys/rpc/clnt_vc.c Sat Jun 13 02:24:35 2020 (r362140) @@ -1174,6 +1174,7 @@ printf("soup m_split returned NULL\n"); m_length(ct->ct_record, NULL) < sizeof(xid_plus_direction)) { m_freem(ct->ct_record); + ct->ct_record = NULL; break; } m_copydata(ct->ct_record, 0,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006130224.05D2OZ7T056977>