Author: ngie
Date: Mon Mar 20 16:30:02 2017
New Revision: 315639
URL: https://svnweb.freebsd.org/changeset/base/315639
Log:
libcam: NULL out freed `ccb.cdm.matches` and `ccb.cdm.patterns` pointers
This is being done to avoid potential double frees with the values.
Differential Revision: D9970
MFC after: 1 week
Reviewed by: imp
Sponsored by: Dell EMC Isilon
Modified:
head/lib/libcam/camlib.c
Modified: head/lib/libcam/camlib.c
==============================================================================
--- head/lib/libcam/camlib.c Mon Mar 20 14:17:00 2017 (r315638)
+++ head/lib/libcam/camlib.c Mon Mar 20 16:30:02 2017 (r315639)
@@ -308,6 +308,7 @@ cam_open_btl(path_id_t path_id, target_i
snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
"%s: couldn't malloc pattern buffer", func_name);
free(ccb.cdm.matches);
+ ccb.cdm.matches = NULL;
close(fd);
return(NULL);
}
@@ -371,7 +372,9 @@ cam_open_btl(path_id_t path_id, target_i
periph_result = &ccb.cdm.matches[0].result.periph_result;
pass_unit = periph_result->unit_number;
free(ccb.cdm.matches);
+ ccb.cdm.matches = NULL;
free(ccb.cdm.patterns);
+ ccb.cdm.patterns = NULL;
close(fd);
sprintf(dev_path, "/dev/pass%d", pass_unit);
return(cam_real_open_device(dev_path, flags, device, NULL,
@@ -388,7 +391,9 @@ cam_open_btl(path_id_t path_id, target_i
btl_bailout:
free(ccb.cdm.matches);
+ ccb.cdm.matches = NULL;
free(ccb.cdm.patterns);
+ ccb.cdm.patterns = NULL;
close(fd);
return(NULL);
}
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
