[Bug 243106] jail(3): memory leak when resizing jail parameter list.

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243106

            Bug ID: 243106
           Summary: jail(3): memory leak when resizing jail parameter
                    list.
           Product: Base System
           Version: 12.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: chwoithe at yahoo.com

Created attachment 210458
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=210458&action=edit
proposed patch

reallocarray() is used in jailparam_all() to shrink the jail parameter list. 
It appears that the final call to shrink the list is unsafe if the reallocation
fails.  There is a possibility, for example, that NULL is assigned to *jpp and
njp keeps its previous (likely non-zero) value.  jls, which uses
jailparam_all(), will attempt to use this invalid list.

I have attached a proposed fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.