svn commit: r240948 - head/sys/cam/ctl

Edward Tomasz Napierala Wed, 26 Sep 2012 00:09:46 -0700

Author: trasz
Date: Wed Sep 26 07:09:15 2012
New Revision: 240948
URL: http://svn.freebsd.org/changeset/base/240948


Log:
  Fix panic in CTL caused by trying to free invalid pointers passed
  by the userland process via the IOCTL interface.
  
  Reviewed by:  ken@

Modified:
  head/sys/cam/ctl/ctl.c

Modified: head/sys/cam/ctl/ctl.c
==============================================================================
--- head/sys/cam/ctl/ctl.c      Wed Sep 26 03:54:55 2012        (r240947)
+++ head/sys/cam/ctl/ctl.c      Wed Sep 26 07:09:15 2012        (r240948)
@@ -2075,6 +2075,11 @@ ctl_copyin_args(int num_be_args, struct 
                goto bailout;
 
        for (i = 0; i < num_be_args; i++) {
+               args[i].kname = NULL;
+               args[i].kvalue = NULL;
+       }
+
+       for (i = 0; i < num_be_args; i++) {
                uint8_t *tmpptr;
 
                args[i].kname = ctl_copyin_alloc(args[i].name,
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r240948 - head/sys/cam/ctl

Reply via email to