svn commit: r365355 - head/sys/rpc
Rick Macklem
rmacklem at FreeBSD.org
Sat Sep 5 00:50:53 UTC 2020
Author: rmacklem
Date: Sat Sep 5 00:50:52 2020
New Revision: 365355
URL: https://svnweb.freebsd.org/changeset/base/365355
Log:
Fix a potential memory leak in the NFS over TLS handling code.
For the TLS case where there is a "user at domain" name specified in the
X.509 v3 certificate presented by the client in the otherName component
of subjectAltName, a gid list is allocated via mem_alloc().
This needs to be free'd. Otherwise xp_gidp == NULL and free() handles that.
(The size argument to mem_free() is not used by FreeBSD, so it can be 0.)
This leak would not have occurred for any other case than NFS over TLS
with the "user at domain" in the client's certificate.
Modified:
head/sys/rpc/svc.c
Modified: head/sys/rpc/svc.c
==============================================================================
--- head/sys/rpc/svc.c Sat Sep 5 00:45:46 2020 (r365354)
+++ head/sys/rpc/svc.c Sat Sep 5 00:50:52 2020 (r365355)
@@ -902,6 +902,8 @@ svc_xprt_free(SVCXPRT *xprt)
{
mem_free(xprt->xp_p3, sizeof(SVCXPRT_EXT));
+ /* The size argument is ignored, so 0 is ok. */
+ mem_free(xprt->xp_gidp, 0);
mem_free(xprt, sizeof(SVCXPRT));
}
More information about the svn-src-head
mailing list