svn commit: r240948 - head/sys/cam/ctl
Edward Tomasz Napierala
trasz at FreeBSD.org
Wed Sep 26 07:09:16 UTC 2012
Author: trasz
Date: Wed Sep 26 07:09:15 2012
New Revision: 240948
URL: http://svn.freebsd.org/changeset/base/240948
Log:
Fix panic in CTL caused by trying to free invalid pointers passed
by the userland process via the IOCTL interface.
Reviewed by: ken@
Modified:
head/sys/cam/ctl/ctl.c
Modified: head/sys/cam/ctl/ctl.c
==============================================================================
--- head/sys/cam/ctl/ctl.c Wed Sep 26 03:54:55 2012 (r240947)
+++ head/sys/cam/ctl/ctl.c Wed Sep 26 07:09:15 2012 (r240948)
@@ -2075,6 +2075,11 @@ ctl_copyin_args(int num_be_args, struct
goto bailout;
for (i = 0; i < num_be_args; i++) {
+ args[i].kname = NULL;
+ args[i].kvalue = NULL;
+ }
+
+ for (i = 0; i < num_be_args; i++) {
uint8_t *tmpptr;
args[i].kname = ctl_copyin_alloc(args[i].name,
More information about the svn-src-all
mailing list