Author: delphij
Date: Tue Nov 29 08:16:14 2011
New Revision: 228119
URL: http://svn.freebsd.org/changeset/base/228119
Log:
In build_volume(), check if arrays is allocated before traversing its
items. While parsing the arrays input, it's possible that we reach the
error path before initializing the 'arrays' pointer, which in turn leads
to a NULL deference.
Submitted by: Garrett Cooper
MFC after: 1 week
Modified:
head/usr.sbin/mfiutil/mfi_config.c
Modified: head/usr.sbin/mfiutil/mfi_config.c
==============================================================================
--- head/usr.sbin/mfiutil/mfi_config.c Tue Nov 29 07:59:45 2011
(r228118)
+++ head/usr.sbin/mfiutil/mfi_config.c Tue Nov 29 08:16:14 2011
(r228119)
@@ -820,9 +820,11 @@ error:
free(config);
free(state.volumes);
free(state.arrays);
- for (i = 0; i < narrays; i++)
- free(arrays[i].drives);
- free(arrays);
+ if (arrays != NULL) {
+ for (i = 0; i < narrays; i++)
+ free(arrays[i].drives);
+ free(arrays);
+ }
close(fd);
return (error);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
