Author: truckman
Date: Mon May 23 04:50:01 2016
New Revision: 300450
URL: https://svnweb.freebsd.org/changeset/base/300450
Log:
MFC r299894
pdu_delete(request) frees request, so move the call after
login_new_response(request) to avoid a use-after-free error
Reported by: Coverity
CID: 1331219, 1331220
Modified:
stable/10/usr.sbin/ctld/login.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/ctld/login.c
==============================================================================
--- stable/10/usr.sbin/ctld/login.c Mon May 23 04:47:24 2016
(r300449)
+++ stable/10/usr.sbin/ctld/login.c Mon May 23 04:50:01 2016
(r300450)
@@ -754,10 +754,10 @@ login_wait_transition(struct connection
login_send_error(request, 0x02, 0x00);
log_errx(1, "got no \"T\" flag after answering AuthMethod");
}
- pdu_delete(request);
log_debugx("got state transition request");
response = login_new_response(request);
+ pdu_delete(request);
login_set_nsg(response, BHSLR_STAGE_OPERATIONAL_NEGOTIATION);
pdu_send(response);
pdu_delete(response);
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"
