CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/11/13 18:02:02
Modified files:
sys/net : if.c
Log message:
avoid a use after free in if_delgroup.
if_detach passes the groupname from an ifg_list struct to if_delgroup,
if_delgroup then uses the name to find the same ifg_list struct so
it can free it, and then passes the name from the struct to
pfi_group_change(). at worst this can cause a fault if malloc(9)
actually unmaps the page the struct was on, and at best it causes
pf interfaces with garbage names to be created.
ok sashan@ bluhm@
