Author: trasz Date: Wed Sep 26 07:09:15 2012 New Revision: 240948 URL: http://svn.freebsd.org/changeset/base/240948
Log: Fix panic in CTL caused by trying to free invalid pointers passed by the userland process via the IOCTL interface. Reviewed by: ken@ Modified: head/sys/cam/ctl/ctl.c Modified: head/sys/cam/ctl/ctl.c ============================================================================== --- head/sys/cam/ctl/ctl.c Wed Sep 26 03:54:55 2012 (r240947) +++ head/sys/cam/ctl/ctl.c Wed Sep 26 07:09:15 2012 (r240948) @@ -2075,6 +2075,11 @@ ctl_copyin_args(int num_be_args, struct goto bailout; for (i = 0; i < num_be_args; i++) { + args[i].kname = NULL; + args[i].kvalue = NULL; + } + + for (i = 0; i < num_be_args; i++) { uint8_t *tmpptr; args[i].kname = ctl_copyin_alloc(args[i].name, _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"