CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2017/03/24 10:42:38

Modified files:
	sys/kern       : subr_log.c

Log message:
There was a race in dosendsyslog() which resulted in a crash.
sosend(syslogf->f_data, ...) could be called with a NULL pointer.
syslogf was not NULL, f_data was NULL and f_count was 1.  The file
structure is ref counted, but the global variable syslogf is not
protected.  So it may change during sleep and dosendsyslog() possibly
used a different socket at each access.  Solution is to access
syslogf only once, use a local copy, and do the ref counting there.
OK millert@ deraadt@
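
The pattern the log message describes (read the global once into a local copy and hold a reference across the sleep), shown as an added user-space model that is not the OpenBSD change itself. The two-field struct file and the names file_ref(), file_rele(), sleep_point(), replacement, send_racy(), send_safe() and run_scenario() are hypothetical, and the sleep is simulated by a direct call so the outcome is deterministic.

```c
#include <stddef.h>
/* Constructed model, not kernel code: struct file reduced to two fields. */
struct file { int f_count; void *f_data; };
static struct file *syslogf;      /* unprotected global pointer */
static struct file *replacement;  /* what another context installs */
static void file_ref(struct file *fp) { fp->f_count++; }
static void file_rele(struct file *fp)
{
	if (--fp->f_count == 0) fp->f_data = NULL;  /* last ref gone: torn down */
}
/* Stands in for the sleep: another context swaps the log socket. */
static void sleep_point(void)
{
	struct file *old = syslogf;
	syslogf = replacement;
	file_rele(old);               /* the global's reference is dropped */
}

/* Racy: no reference held; returns 1 only if the file seen before the
 * sleep is still the global and still has its socket afterwards. */
static int send_racy(void)
{
	struct file *first = syslogf;
	if (first == NULL) return -1;
	sleep_point();
	return syslogf == first && first->f_data != NULL;
}

/* Fixed: one read into a local copy, reference held across the sleep. */
static int send_safe(void)
{
	struct file *fp = syslogf;
	int ok;
	if (fp == NULL) return -1;
	file_ref(fp);
	sleep_point();
	ok = fp->f_data != NULL;      /* still valid: our reference pins it */
	file_rele(fp);
	return ok;
}

/* Runs one scenario on fresh constructed files; safe selects the variant. */
static int run_scenario(int safe)
{
	static int sock_a, sock_b;
	struct file a = { 1, &sock_a }, b = { 1, &sock_b };
	syslogf = &a; replacement = &b;
	return safe ? send_safe() : send_racy();
}
int main(void) { return !(run_scenario(0) == 0 && run_scenario(1) == 1); }
```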