svn commit: r240948 - head/sys/cam/ctl

Edward Tomasz Napierala trasz at FreeBSD.org
Wed Sep 26 07:09:16 UTC 2012


Author: trasz
Date: Wed Sep 26 07:09:15 2012
New Revision: 240948
URL: http://svn.freebsd.org/changeset/base/240948

Log:
  Fix panic in CTL caused by trying to free invalid pointers passed
  by the userland process via the IOCTL interface.
  
  Reviewed by:	ken@

Modified:
  head/sys/cam/ctl/ctl.c

Modified: head/sys/cam/ctl/ctl.c
==============================================================================
--- head/sys/cam/ctl/ctl.c	Wed Sep 26 03:54:55 2012	(r240947)
+++ head/sys/cam/ctl/ctl.c	Wed Sep 26 07:09:15 2012	(r240948)
@@ -2075,6 +2075,11 @@ ctl_copyin_args(int num_be_args, struct 
 		goto bailout;
 
 	for (i = 0; i < num_be_args; i++) {
+		args[i].kname = NULL;
+		args[i].kvalue = NULL;
+	}
+
+	for (i = 0; i < num_be_args; i++) {
 		uint8_t *tmpptr;
 
 		args[i].kname = ctl_copyin_alloc(args[i].name,


More information about the svn-src-all mailing list