[Midnightbsd-cvs] src [8745] trunk/sys/cam/ctl/ctl.c: Fix panic in CTL caused by trying to free invalid pointers passed by the userland process via the IOCTL interface.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Sep 25 22:27:18 EDT 2016
Revision: 8745
http://svnweb.midnightbsd.org/src/?rev=8745
Author: laffer1
Date: 2016-09-25 22:27:18 -0400 (Sun, 25 Sep 2016)
Log Message:
-----------
Fix panic in CTL caused by trying to free invalid pointers passed by the userland process via the IOCTL interface.
Modified Paths:
--------------
trunk/sys/cam/ctl/ctl.c
Modified: trunk/sys/cam/ctl/ctl.c
===================================================================
--- trunk/sys/cam/ctl/ctl.c 2016-09-26 02:26:39 UTC (rev 8744)
+++ trunk/sys/cam/ctl/ctl.c 2016-09-26 02:27:18 UTC (rev 8745)
@@ -2075,6 +2075,11 @@
goto bailout;
for (i = 0; i < num_be_args; i++) {
+ args[i].kname = NULL;
+ args[i].kvalue = NULL;
+ }
+
+ for (i = 0; i < num_be_args; i++) {
uint8_t *tmpptr;
args[i].kname = ctl_copyin_alloc(args[i].name,
More information about the Midnightbsd-cvs
mailing list