Author: jhb
Date: Sat May 17 02:45:04 2014
New Revision: 266281
URL: http://svnweb.freebsd.org/changeset/base/266281
Log:
Clear the data buffer length field when freeing a command structure so that
it doesn't leak through when the command structure is reused for a user
command without a data buffer.
PR: amd64/189668
Tested by: Pete Long <p...@nrth.org>
MFC after: 1 week
Modified:
head/sys/dev/aac/aac.c
Modified: head/sys/dev/aac/aac.c
==============================================================================
--- head/sys/dev/aac/aac.c Sat May 17 02:39:20 2014 (r266280)
+++ head/sys/dev/aac/aac.c Sat May 17 02:45:04 2014 (r266281)
@@ -1408,6 +1408,7 @@ aac_release_command(struct aac_command *
fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
/* (re)initialize the command/FIB */
+ cm->cm_datalen = 0;
cm->cm_sgtable = NULL;
cm->cm_flags = 0;
cm->cm_complete = NULL;
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
