Author: rmacklem
Date: Sat Sep 5 00:50:52 2020
New Revision: 365355
URL: https://svnweb.freebsd.org/changeset/base/365355
Log:
Fix a potential memory leak in the NFS over TLS handling code.
For the TLS case where there is a "user@domain" name specified in the
X.509 v3 certificate presented by the client in the otherName component
of subjectAltName, a gid list is allocated via mem_alloc().
This needs to be free'd. Otherwise xp_gidp == NULL and free() handles that.
(The size argument to mem_free() is not used by FreeBSD, so it can be 0.)
This leak would not have occurred for any other case than NFS over TLS
with the "user@domain" in the client's certificate.
Modified:
head/sys/rpc/svc.c
Modified: head/sys/rpc/svc.c
==============================================================================
--- head/sys/rpc/svc.c Sat Sep 5 00:45:46 2020 (r365354)
+++ head/sys/rpc/svc.c Sat Sep 5 00:50:52 2020 (r365355)
@@ -902,6 +902,8 @@ svc_xprt_free(SVCXPRT *xprt)
{
mem_free(xprt->xp_p3, sizeof(SVCXPRT_EXT));
+ /* The size argument is ignored, so 0 is ok. */
+ mem_free(xprt->xp_gidp, 0);
mem_free(xprt, sizeof(SVCXPRT));
}
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
